Well Swarna, you shouldn't directly serialize any object that should be secure. Use the DBMS's built-in security methods to store confidential information. Remember, if you store information using a SOAP formatter, all the output is in XML format and all the user needs to do is open the file in Notepad. Though the binary formatter does store the object in a binary format, anyone can see the info contained. However, you CAN get some kind of security by not exposing any object (which you intend to serialize) and keeping it private within your application. So you should not put your class in a DLL; that would provide some security, as other applications don't know the type of the class that is stored in the file. As I've already said, even this method is not foolproof.

In my opinion the best method to provide security for your persistable object is to use a CryptoStream (instead of a FileStream) and to use this stream to persist your object. I.e., instead of:

```vbnet
' Requires: Imports System.IO
'           Imports System.Runtime.Serialization.Formatters.Binary
Dim obj As New UserClass() ' Make sure the class is <Serializable()>
Dim fs As FileStream = File.Create("c:\test.bin")
Dim bf As New BinaryFormatter()
bf.Serialize(fs, obj)
fs.Close()
```

Now do this:

```vbnet
' Requires: Imports System.IO
'           Imports System.Security.Cryptography
'           Imports System.Runtime.Serialization.Formatters.Binary
Dim obj As New UserClass()
Dim fs As FileStream = File.Create("c:\test.bin") ' the output file stream
Dim sa As SymmetricAlgorithm = SymmetricAlgorithm.Create()
' 'e_key' and 'e_IV' are 16 byte arrays and they are the info required to decrypt the files
Dim e_key(15) As Byte, e_IV(15) As Byte ' fill these with your application's secret key and IV
Dim cs As New CryptoStream(fs, sa.CreateEncryptor(e_key, e_IV), CryptoStreamMode.Write)
' Now use this stream to store the encrypted data
Dim bf As New BinaryFormatter()
bf.Serialize(cs, obj)
cs.Close()
```

The e_key is the key used to decrypt the data, so it must be known to your application only and nobody else. Now you can appropriately decrypt the data (using the secret key known to your app), deserialize, and construct the original object. However, this is a high-security solution for where the situation demands absolute security (if your app will be used in Dilbert-type organizations!)

If you want an easier solution, try implementing the 'ISerializable' interface in your object and do some bit flipping and other simple bit manipulations (on the members which should remain secret, like the password string) and save it to the SerializationInfo object in the overridden GetObjectData. Also appropriately implement the protected constructor and do the reverse bit manipulation to recreate the original data member. However, be absolutely sure the bit manipulations are completely reversible.

I hope this helps! If you have any questions feel free to contact me at [EMAIL PROTECTED]

I NEED A JOB. Please contact me if you have one!
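The CryptoStream approach described in the post, carried through both directions (save and load) as an added example; this is not the poster's code. It assumes .NET Framework (where BinaryFormatter is available), a `UserClass` like the one the post refers to, and constructed sample data. It differs from the snippet above in two deliberate ways: a fresh random IV is generated for every file and stored unencrypted in front of the ciphertext (only the key must stay secret, the IV just has to be unique per file), and the key is held by the application rather than hard-coded as a 16-byte array.

```vbnet
' Added example, not from the original post. Assumes .NET Framework.
Imports System
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Imports System.Runtime.Serialization.Formatters.Binary

<Serializable()>
Public Class UserClass
    Public UserName As String
    Public Password As String
End Class

Public Module SecurePersistence

    ' Serialize obj through a CryptoStream so only ciphertext reaches the disk.
    ' A random IV is generated per file and written in clear ahead of the ciphertext.
    Public Sub SaveEncrypted(path As String, obj As Object, key As Byte())
        Using aes As Aes = Aes.Create()
            aes.Key = key
            aes.GenerateIV()
            Using fs As FileStream = File.Create(path)
                fs.Write(aes.IV, 0, aes.IV.Length)
                Using cs As New CryptoStream(fs, aes.CreateEncryptor(), CryptoStreamMode.Write)
                    Dim bf As New BinaryFormatter()
                    bf.Serialize(cs, obj)
                    cs.FlushFinalBlock() ' pads and writes the last block
                End Using
            End Using
        End Using
    End Sub

    ' Reverse of SaveEncrypted: read the IV prefix, then deserialize from a decrypting stream.
    ' With the wrong key the padding check or the formatter throws; no readable object comes back.
    Public Function LoadEncrypted(path As String, key As Byte()) As Object
        Using aes As Aes = Aes.Create()
            aes.Key = key
            Using fs As FileStream = File.OpenRead(path)
                Dim iv(aes.BlockSize \ 8 - 1) As Byte
                Dim total As Integer = 0
                While total < iv.Length
                    Dim n As Integer = fs.Read(iv, total, iv.Length - total)
                    If n = 0 Then Throw New InvalidDataException("File too short to hold an IV.")
                    total += n
                End While
                aes.IV = iv
                Using cs As New CryptoStream(fs, aes.CreateDecryptor(), CryptoStreamMode.Read)
                    Dim bf As New BinaryFormatter()
                    Return bf.Deserialize(cs)
                End Using
            End Using
        End Using
    End Function

    Sub Main()
        ' The key lives only in the application (generated at random for this demo);
        ' persist it via ProtectedData (DPAPI) or similar, never inside the data file.
        Dim key(31) As Byte ' 32 bytes = AES-256
        Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
            rng.GetBytes(key)
        End Using

        Dim path As String = IO.Path.Combine(IO.Path.GetTempPath(), "test.bin")
        ' Constructed sample data.
        Dim original As New UserClass() With {.UserName = "swarna", .Password = "hunter2"}

        SaveEncrypted(path, original, key)

        ' Opening the file in Notepad now shows neither field in clear.
        Dim raw As String = Encoding.UTF8.GetString(File.ReadAllBytes(path))
        Console.WriteLine("Plaintext visible in file: " & raw.Contains("hunter2"))

        Dim restored As UserClass = DirectCast(LoadEncrypted(path, key), UserClass)
        Console.WriteLine("Restored: " & restored.UserName & " / " & restored.Password)

        ' A different key cannot recover the object.
        Dim wrongKey(31) As Byte
        Try
            LoadEncrypted(path, wrongKey)
            Console.WriteLine("Unexpected: decrypted with the wrong key")
        Catch ex As Exception
            Console.WriteLine("Wrong key rejected: " & ex.GetType().Name)
        End Try
    End Sub
End Module
```

Two points for anyone reusing this: the encryption only protects confidentiality of the file at rest, so the key must be stored somewhere an attacker with the file cannot also read (DPAPI via `ProtectedData`, a key container, or an OS secret store); and BinaryFormatter itself should never be pointed at data from an untrusted source, because deserialization of attacker-controlled input is unsafe regardless of whether the transport was encrypted.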
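The ISerializable route the post sketches (GetObjectData plus the protected deserialization constructor), as a second added example that is not the poster's code. In place of the post's bit flipping, the reversible transformation here is DPAPI (`ProtectedData`, in System.Security.dll on .NET Framework), so the stored password is genuinely unreadable without the protecting Windows user account rather than merely obscured. It assumes .NET Framework on Windows and constructed sample data.

```vbnet
' Added example, not from the original post. Assumes .NET Framework on Windows
' with a reference to System.Security.dll for ProtectedData.
Imports System
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Imports System.Runtime.Serialization
Imports System.Runtime.Serialization.Formatters.Binary

<Serializable()>
Public Class UserClass
    Implements ISerializable

    Public UserName As String
    Public Password As String

    Public Sub New(userName As String, password As String)
        Me.UserName = userName
        Me.Password = password
    End Sub

    ' Deserialization constructor: reverse exactly what GetObjectData did.
    Protected Sub New(info As SerializationInfo, context As StreamingContext)
        UserName = info.GetString("UserName")
        Dim protectedBytes As Byte() = DirectCast(info.GetValue("Password", GetType(Byte())), Byte())
        Dim plain As Byte() = ProtectedData.Unprotect(protectedBytes, Nothing, DataProtectionScope.CurrentUser)
        Password = Encoding.UTF8.GetString(plain)
    End Sub

    ' Only the transformed form of the secret member goes into the SerializationInfo.
    Public Sub GetObjectData(info As SerializationInfo, context As StreamingContext) _
        Implements ISerializable.GetObjectData
        info.AddValue("UserName", UserName)
        Dim plain As Byte() = Encoding.UTF8.GetBytes(Password)
        info.AddValue("Password", ProtectedData.Protect(plain, Nothing, DataProtectionScope.CurrentUser))
    End Sub
End Class

Module Demo
    Sub Main()
        Dim original As New UserClass("swarna", "hunter2") ' constructed sample data
        Dim bf As New BinaryFormatter()
        Dim bytes As Byte()

        Using ms As New MemoryStream()
            bf.Serialize(ms, original)
            bytes = ms.ToArray()
        End Using

        ' The user name is still readable in the stream; the password is not.
        Dim asText As String = Encoding.UTF8.GetString(bytes)
        Console.WriteLine("User name visible: " & asText.Contains("swarna"))
        Console.WriteLine("Password visible:  " & asText.Contains("hunter2"))

        Using ms As New MemoryStream(bytes)
            Dim restored As UserClass = DirectCast(bf.Deserialize(ms), UserClass)
            Console.WriteLine("Restored password: " & restored.Password)
        End Using
    End Sub
End Module
```

With `DataProtectionScope.CurrentUser`, the serialized file can only be read back by the same Windows account on the same machine (or with a roaming profile), which is the intended property for a per-user secret but means the file is not portable; `DataProtectionScope.LocalMachine` widens that to any account on the machine. Whichever transformation is used, the test at the end (deserialize and compare) is what proves it is completely reversible, which the post rightly insists on.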