Sam wrote: > Hi all > This is just a general question about writing to files. Im currently writing > an app that requires information to be stored in files at runtime. As its > only for my own experience and practice im not worried too much about the > security side of things. Im am just curious how I would go about writing to > files that could only be read from my application so that other people can > not just open the file as a text file and view the details there. I have > tried searching online but can not seem to find what i need as im not even > sure what im looking to do is called. If someone can point me in the right > direction that would be great. > Thanks > G
They are called binary files. You may want to locate what is known as a 'hex editor' to view your program's output more easily. It also really depends on what you need to store. Structured data probably works best as JSON encoded data (easy to serialize and unserialize). If you want to keep prying eyes out, there are various approaches. Blowfish, for example, could be utilized to encrypt the data before writing to disk. You need to be careful though. Most block cipher encryption algorithms require the data to be padded out to some multiple number of bits (also usually conveniently a multiple of bytes). You will probably want to prepend the data with the size of the data you are encrypting. That way you can pad the data to the right size so the algorithm works properly. There are issues with this approach but it would take too long to explain and someone determined to access the data is going to succeed anyway. The end result could look like: Data -> JSON serialize -> Prepend size -> Add padding -> Blowfish encrypt -> Output file File -> Blowfish decrypt -> Determine original size/validate data -> JSON unserialize -> Original data If you want to make sure the data you are loading is valid, you can create a hash of the data and append it to the data stream before adding the padding. Then you check the data stream against the hash before unserializing it. MD5 is decent but broken. SHA-1 is better but partially broken. Both have various implementations around the Internet. -- Thomas Hruska CubicleSoft President Ph: 517-803-4197 *NEW* MyTaskFocus 1.1 Get on task. Stay on task. http://www.CubicleSoft.com/MyTaskFocus/
