Hi!!

Sorry to keep asking so many questions, but you guys always seem to be so nice and helpful...

I need to write an application that imports data from a file. For instance, the user selects a file and the application imports some data into the database.

But I've been thinking, and this kind of app leads to a problem of integrity and authenticity of files. If a user changes the file, the application is not allowed to use that information. And if a file is not from a well-known source, the application can't use that file.

How do I do this kind of thing?

P.S.: I'm using C#.NET

A: 

You could sign the file right after it's created, if you have the possibility to do this. I guess there are a lot of tutorials about signing a file...

Atmocreations
+2  A: 

If you can control the source file format, you can embed a digital signature. If you base the signature on a hash of the file contents, then you can be sure that the file comes from a trusted source, and that it has not been tampered with.

driis
+3  A: 

Authentication and integrity are provided by digital signatures.

Follow driis' advice if you control the file format.

Alternately, if the file is XML, use an XML Signature.

Using C#/.NET:

Serge - appTranslator
A: 

It depends on how strong you want this protection.

For example, you can have an xml file (for human readability) which has a hash node somewhere which contains the hash of the original file (+salt). This can be updated by the program, but the user can have a harder time figuring out what that key means. When the program opens the file, it calculates the hash and checks if it's the same as the one written in the file.

You can even take one step further and use digital signatures, but that's way more complicated.

Tamás Szelei
Just a hash adds only obscurity, not actual assurance. Users can always regenerate a hash. Then again, they can always crack the binary (assuming it's not a web app) and disable the integrity check entirely.
Novelocrat
A hash function is impossible to reverse; the only way is using rainbow tables. But if you put salt on the input, it makes the rainbow tables unusable.
Tamás Szelei
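An added example, not part of any answer or comment above: a detached signature checked before import, which is the digital-signature approach the answers recommend. Unlike a hash stored next to the data, the signature cannot be regenerated by someone who only has the file and the application, because the application ships only the public key. It assumes .NET 6 or later; the class name `SignedImport`, the `.sig` sidecar file and the demo file name are hypothetical, and the key and file contents are constructed for the demo.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class SignedImport
{
    // Producer side: runs where the private key lives, never inside the importing app.
    public static byte[] Sign(RSA privateKey, byte[] fileBytes) =>
        privateKey.SignData(fileBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pss);

    // Importer side: verifies "<path>.sig" against the file using the public key only.
    // The verified bytes are returned so the import parses exactly what was checked,
    // instead of re-reading a file that could change between check and use.
    public static bool TryLoadVerified(string path, byte[] publicKeySpki, out byte[] data)
    {
        data = Array.Empty<byte>();
        string sigPath = path + ".sig";
        if (!File.Exists(path) || !File.Exists(sigPath)) return false;

        byte[] content = File.ReadAllBytes(path);
        byte[] signature = File.ReadAllBytes(sigPath);

        using RSA publicKey = RSA.Create();
        publicKey.ImportSubjectPublicKeyInfo(publicKeySpki, out _);
        if (!publicKey.VerifyData(content, signature,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
            return false;                      // altered file or unknown signer

        data = content;
        return true;
    }

    static void Main()
    {
        using RSA signer = RSA.Create(2048);   // constructed demo key pair
        byte[] spki = signer.ExportSubjectPublicKeyInfo();

        string path = Path.Combine(Path.GetTempPath(), "import-demo.csv");
        byte[] original = Encoding.UTF8.GetBytes("id,amount\n1,100\n");
        File.WriteAllBytes(path, original);
        File.WriteAllBytes(path + ".sig", Sign(signer, original));
        Console.WriteLine($"untouched file accepted: {TryLoadVerified(path, spki, out _)}");

        File.WriteAllText(path, "id,amount\n1,999999\n");   // user edits the file
        Console.WriteLine($"edited file accepted:    {TryLoadVerified(path, spki, out _)}");
    }
}
```

In a real deployment the key pair is generated once by the trusted source and only the exported public key is embedded in the importing application.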