Is it safe to store data in XML?

views:

answers:

Is it safe to store data in XML?

We are developing an application and it demands storing data in XML coz it will be used by another application.

now question is would it be possible to restrict access to that xml file. and make it readable only through our application? if yes.. how to do it?

No, xml is text document doesn't have internal security. If the data is that confidential you should consider other means of communication.

Fedor Hajdu 2010-01-05 10:50:48

+1 A:

Yes, you can encrypt it. But first, you need to determine who your 'attacker' is; i.e. who are you trying to prevent from reading it. It may be that sufficient privs on the given filesystem are enough :)

Only after carefully determining a threat-model can you safely determing which angles you need to protect against (insecure transport system = encrypt, etc) and then implement it appropriately and with care.

Noon Silk 2010-01-05 10:50:53

An xml file is just like any other file. Anyone with access to the filesystem can read that file.

If you want to make the contents of the file very hard to read by others you will have to use encryption with a key shared by both applications.

Nifle 2010-01-05 10:51:39

+2 A:

XML itself cannot provide the security features you are asking for.

Two possible solutions:

Use the file access settings in your file system to allow only a single user account to read/write to the file. Make sure to run only your application using the credentials of that account.
Encrypt the file with a key that only your application knows.

Jørn Schou-Rode 2010-01-05 10:53:21

what are the file permissions that i need to give.. to the xml file.

Masade 2010-01-05 11:10:49

That depends. If your application is running with a dedicated user account `600` should work (assuming your OS is some kind of Linux/BSD/Unix).

Jørn Schou-Rode 2010-01-05 12:46:55

ansaurus

tags:

views:

answers:

Is it safe to store data in XML?

related questions