tags:

views:

150

answers:

6

Hello, I have c# program , and one file from where it read-write some info. I need that user can not change that file's content, I need some way to chek is that file correct(not changed by user). Please if you have any ideas write, will discuss together. Many Thanks

A: 

Check out the MD5 hash algorithm.

Sani Huttunen
A: 

You can't restrict user in his file system, but your application can store file parameters (created & modified timestamps, size) and create hash on its contents so that to compare with these values before next file usage.

Upd.

If you want to avoid user modifying file anyhow you have to restrict him accessing it other than reading. So you have 2 alternatives:

  1. Use security grants and remove user from ACL. If user is admin, that's a bad idea. In other cases you'd better define some user group if possible.
  2. Use database. This can be some light local DB which only advanced user can modify, e.g. SQLite. But this works only on a presumption that user can't open this file (can't install appropriate tool...)
terR0Q
OK, very well , you understand me 100% . But where to save that hash result ? I try to save it in registry> But user can copy that hash result from registry , and that file , work some time , then paste file and its hash to registry and works from zero. I do not want this...
Armen Khachatryan
Read my answer. Does that not work for you?
psychotik
@Armen psychotik's answer covers this task
terR0Q
user copy file , sometimes works with file , then replaces copied file , and works from zero. i do not want this. in the file writen time info...
Armen Khachatryan
@Armen added an update to my answer
terR0Q
+4  A: 

Compute the file checksum or crc or hash and write it out in the file itself (Compute the hash before you write it out the hash). Then when you load the file, check for existence of this hash, remove it and re-compute the hash. Verify that they match. If they don't, then it's been tampered with. Anytime you change the contents yourself, update the checksum/hash.

psychotik
Just keep in mind that the user will be able to modify the file and replace the hash in the file afterwards to prevent the modification from being detected.
AaronLS
Thaks, but, see user copy file , sometimes works with file , then replaces copied file , and works from zero. i do not want this. in the file writen time info...
Armen Khachatryan
What is different from file and its copy? checksum or crc or hash ?? or other?
Armen Khachatryan
A: 

If you simply need to open a file in readonly in C#, you can do so by specfiying the FileAccess.Read flag:

using (FileStream fs1 = new FileStream(path, FileMode.Open, FileAccess.Read))
{
    using (StreamReader rd1 = new StreamReader(fs1))
    {
        while ((str = rd1.ReadLine()) != null)
        {
            //do stuff
        }
    }
}
Dynami Le Savard
A: 

You could use a hash to ensure that the file has not changed?

public static void Main(string[] args)
{
    using (HashAlgorithm hashAlg = new SHA1Managed())
    {
        using (Stream file = new FileStream("C:\\test.txt", FileMode.Open, FileAccess.Read))
        {
            byte[] hash = hashAlg.ComputeHash(file);
            Console.WriteLine(BitConverter.ToString(hash));
        }
    }
}

or

BitConverter.ToString(MD5.Create().ComputeHash(File.ReadAllBytes("C:\\test.txt")))
Kane
+1  A: 

There is no completely reliable method to accomplish what you are wanting. If you hash the file, the user can modify the file and regenerate the hash, and then your program will think the file is unmodified. If you try to hide the hash in the registry, the user can easily use SysInternals tools to detect the location you are saving it to.

You could instead digital sign the file, which is similar to hashing it, except it involves a secret key. Again however, you have the issue that the key must be kept secret, and storing it in the application or somewhere on the computer leaves the potential for the user to locate the key and then again they are able to modify the file and resign it such that the modification is undetectable by your program.

You could have your application submit the file, or perhaps just a hash of the file for efficiency, to a web service you create. The web service can digital sign the file or hash, and return the signature or store it on the server. Later when the application reads the file, it can use the signature and server's public key(you must get this from the server to ensure that the file was signed by the server) to verify the file has not been changed. Or you could resubmit the file or hash to the server, if the server stored the signature, and it can verify the file and return a result to the application. Again, this is not fullproof. There would be ways for a user to spoof the webservice, even if using SSL there are ways to circumvent that. The user could altogether crack your application and remove the verification code.

Judging from your other questions, this is some component of a software activation system. Just take a look at Adobe and Microsoft, and their failed attempts to create such a system. If you think you can do better, good luck. There are better ways to ensure your software is used legally without activation systems that lead only to frustrating your loyal users.

AaronLS
Yes you judged right , i want make a demo for my program. thank you for answer , and please say better method , i want maximum disappoint my loyal users...
Armen Khachatryan
user copy file , sometimes works with file , then replaces copied file , and works from zero. i do not want this. in the file writen time info...
Armen Khachatryan
What is different from file and its copy? checksum or crc or hash ?? or other?
Armen Khachatryan
Businesses generally won't use illegal software because of the legal risks it poses. For a demo, I would require the user to register on my website and provide contact information before providing a download link via the provided email. After the demo period ends, have your sales department contact them asking if they are interested in purchasing the software since their trial has ended.
AaronLS