I have a series of XML files which I want to hide from the client and I want to be available only for the application. I read and write from/to them using XmlSerializer. How can this be done? I read about embedded resources, but from what I've seen, I need to read and write to the files using some sort of stream. I was wondering if there is another approach which would allow me to access them using XmlSerializer and hide them from the client.
Asked
Active
Viewed 2,877 times
1
user2399378
- 733
- 2
- 9
- 21
-
When you say 'hide' I presume that simply marking the file as 'hidden' is not acceptable to you? – The Senator Dec 18 '13 at 11:42
-
I need to be able to read it from the application. If it is marked hidden I can still do this? – user2399378 Dec 18 '13 at 11:51
-
@user2399378 I wrote an answer, I assumed you're talking about .NET environment, if you don't tag your question with more details this may apply to Java, .NET or anything else with a XmlSerializer class... – Adriano Repetti Dec 18 '13 at 11:51
-
Yes, it is a .NET application – user2399378 Dec 18 '13 at 11:53
-
Yup, if the file is hidden you can still access it. – The Senator Dec 18 '13 at 14:53
-
@The Senator: I tried to modify hidden files and it is not allowed. Otherwise this would have been a good solution – user2399378 Dec 18 '13 at 14:58
1 Answers
1
If you just want to hide them (kind of obfuscation to prevent casual changes) you may consider to compress them. For example this an example of C# deserialization function:
static T Deserialize<T>(string path, object obj)
{
var serializer = new XmlSerializer(typeof(T));
using (var stream = new GZipStream(File.OpenRead(path),
CompressionMode.Decompress))
{
return (T)serializer.Deserialize(stream);
}
}
Your customers will see a binary file and they won't be able to change/inspect it (moreover it's just a compressed stream so they can't even unzip them). For clarity this is equivalent serialization function:
static void Serialize<T>(string path, T obj)
{
var serializer = new XmlSerializer(typeof(T));
using (var stream = new GZipStream(File.Create(path),
CompressionMode.Compress))
{
serializer.Serialize(stream, obj);
}
}
Note: in your original question you didn't say anything about your environment (.NET? Java?), I provided code assuming you're programming in C# but you can apply same technique with any other language/environment you're using.
Update this is a small test program to see how it works:
public class Test
{
public string Name { get; set; }
public string Value { get; set; }
}
class Program
{
static void Main(string[] args)
{
Serialize(@"c:\test.dat", new Test { Name = "A", Value = "B" });
}
// Place here Serialization<T>() method
}
Adriano Repetti
- 60,141
- 17
- 127
- 190
-
.NET, I forgot to mention this. It seems like a good approach, I will try it and see how it goes. Thank you – user2399378 Dec 18 '13 at 11:54
-
@user2399378 you welcome. It's not something you can use to save your license data (or sensible informations) but it's good to be used to obfuscate text files shouldn't be changed/inspected by _super-users_. – Adriano Repetti Dec 18 '13 at 11:55
-
I have a situation where some files need to be compressed and some don't. I adapted the serialize method to treat these situation, but I'm not sure for deserialization, how can I check if a file is compressed or not? – user2399378 Dec 18 '13 at 12:15
-
@user2399378 then you have to make it little bit more complicated. Easiest way is to check first character of (uncompressed) input stream (XML file will start with BOM or with " – Adriano Repetti Dec 18 '13 at 12:21
-
@user2399378 no, I just tried a small test program (added to answer too) and it performs as expected (update to FileMode.Create if you'll write more than once). – Adriano Repetti Dec 18 '13 at 12:52
-
Yes, I tried your method and it works. Before I adapted it to my method and apparently I did something wrong. Thank you for your help :) – user2399378 Dec 18 '13 at 13:00