Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I created an Outlook add-in that checks if some forbiden words are present in an email before it is sent. It simply compares a string containing the email with words present in a .CSV file.
I don't mind people being able to read that .CSV file, but I do not want them to be able to modify it, except if they are doing it using the Outlook add-in.
To do this, I wanted to change the properties of the file depending on the user. When using the addin, the admin user would get the Read/Write rights, whereas the otherones would only be able to read it. However, outside of the add-in, I want that file to be readonly for everyone.
I tried using File.SetAttributes("myPath", FileAttributes.ReadOnly); but then the user can simply go in the file properties, uncheck the "Readonly" option, and he can do whatever he wants ... Can I avoid this ? Is there a smarter option than the Readonly mod ?
You can encrypt the stored file.
To perform any operations, application can decrypt it in memory. User will not be able to modify unless using the application. Forced user modification will corrupt the file and make it unusable.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm building a class library with bunch of methods. One of which is for creating File. I want to make it run only 'N' times and after that to throw exceptions that the limit exceeded. Is there any way to embed that 'N' in the dll or how should i store it to be secure from changing that number.
So far i've tried with static field in the class but the static field is reset everytime the application using that dll is run.
Any suggestions ?
The safest solution would be:
Have the local application collect all relevant local data needed to create the file.
Request the file to a web service that knows how to create it with the supplied data.
The server will verify that the user’s credentials allow him to create the file; he’s a valid registered user, has payed his dues and still has file creations to spare.
Create the file on the server side and allow the user to download it.
Anything running locally in your computer is susceptible to being cracked. Professional softwware and game industries have wasted millions in anti piracy devices and they’ve failed miserably, don’t expect to have any better luck.
All of this obviously has a significant cost. If the risk of your average user knowing how to circumvent a basic protection is small and the loss of profit of those few that would know how to decompile, modify and compile your application is tolerable, then who cares?
Moral of the story: stop thinking about safest and start thinking about safe enough. It’s almost always cheaper.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I'm developing an .NET MVC web app and using a google service account to create/delete calendar events on users personal calendars. I'm not sure what would be the best way to secure my google authentication key so that only my program has access to it. Currently it's just in the solution folder for testing purposes.
"Best" is subjective. All I can tell you are options:
Put it in the Web.config as an App Setting, and then encrypt your appSettings configuration section. This is probably the safest route, if not the most convenient.
Put it in your code. It's not uncommon for developers to create a static Settings class that holds various bits of information the application needs. However, this means it will be plain text in the source. That's really only a problem if you plan to open-source your code or otherwise store it some place that's accessible to others (and that includes malicious others that shouldn't actually be able to access it). For example, I'd recommend only putting the source on a TFS or Git server internally, behind a firewall, rather than something on the Internet or public-facing. Once the code is compiled, you obviously won't have it in plain text anymore. However, if someone gains access to the compiled code, they could still decompile it and potentially find the string. To protect against that, you could use any number of obfuscation programs out there.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I'm building an application in C# that will use 'databases', but I want to be able to access the content of the 'database'/file in as many programming languages. The 'database' basically needs to be like a dictionary (it isn't one though), so like word=meaning, and I don't mind too much if a user can openly edit that.
However, there's a few things I want to store in the database that the user should not be able to edit. For example, I would like to store a unique key that the application will analyse and compare. I'd also like to add an 'isEditable' property that tells the application whether or not it can change the database, but this is not essential.
Do you have any suggestions on how I could store this information? I thought about XML because I could just hash the unique key, but I don't think it would be suitable for the word=meaning part.
Well, there are plenty of options. You can use a traditional database, and restrict user privileges. That way, the users can't edit anything (or can only do what ever permissions you grant them). If this needs to be deployed with your application, you can use a compact DB, like Sqlite or SQL Server Compact. There are ways to encrypt the entire DB file or to password protect them, so that would prevent your users from editing them. Sqlite has providers for many languages.
You could try a non-traditional database, like a MongoDB or db4objects. The latter uses a type of binary serialization so that you can persist your code objects to disk. Again, not easily user-editable. You could just persist your collection. With the former, you'll be closer to your goal of key=value pairs, because you don't have to have a defined schema for either of these options.
An XML file could work, provided you encrypted it, if your goal is to make it non-user-editable.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am writing a kind of accounting software which will run portable on a USB Memory Stick. I would like to make a hidden partition on the Stick to store some data to check the validity of the database file on the main partition. Currently I don't know how to start. Could anyone tell me any way to do it? What partition type should I use? How do I read from it with C# .NET? What Win32 APIs are there. Anything.
UPDATE:
Here's a scenario, I use a file (encrypted) to store a value (e.g. Amount of money), the user can backup that file, and whenever he restore the file, he restore the value at the time he backup. That's why I want to have a hidden partition. Encryption is not an option for me.
Rather than hiding you can use encryption
How to lock a folder on a USB drive?
There is a TrueCrypt project that does something similar you want. It is open source, so you might take a look how they are doing that.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
i have 200 terminals (Windows-mobile) that connect to the server Through WIFI
how i can transfer any file to all of them ?
is there any tool or can i get any C# sample code for this ?
thanks in advance
You should write some sw on the mobiles to sink the file instead of pushing on them. So each user can ask the server for transfer the file. If the file you need to transfer is a deploy of an application, you can even consider some strategy of auto upgrade as described here: http://msdn.microsoft.com/en-us/library/aa446487.aspx
You could create a log-on script assuming you have Active Directory and a friendly system administrator.
http://www.rlmueller.net/LogonScriptFAQ.htm
Microsoft have a non-free tool called System Center Configuration Manager that will do what you want. You need to install the client app on the phones first, then they poll the server for updates.
This is likely to be massive overkill for what you want but it's hard to be sure from the question.