XML Designer & XML File Security? 
Author Message
 XML Designer & XML File Security?

I have been reading up on ADO.net and VB.  While reading the "Walkthrough".
It showed how to use the designer to create the xml schema and file.

However, is there any sort of security for xml files.  It seems that anyone
could edit the xml file and break my application.

I was considering use a MDB file for this VB.net application.

Any comments?

Thanks



Mon, 27 Dec 2004 04:33:57 GMT  
 XML Designer & XML File Security?
Just the usual file system security.  You'd be better off using the schema,
validating the document against the schema, then reporting any failure to
the user.

Cheers

--
Robert Chapman, MCSD
Manager, Applications Development
prairieFyre Software Inc.
http://www.prairiefyre.com

Quote:

> I have been reading up on ADO.net and VB.  While reading the
"Walkthrough".
> It showed how to use the designer to create the xml schema and file.

> However, is there any sort of security for xml files.  It seems that
anyone
> could edit the xml file and break my application.

> I was considering use a MDB file for this VB.net application.

> Any comments?

> Thanks



Mon, 27 Dec 2004 04:48:53 GMT  
 XML Designer & XML File Security?
Is this a locally deployed (desktop) application? I don't think the issue of
'breaking' the application is new with XML. Any user with access to any
segment of your application can 'break' it by simply deleting a file. They
could delete or change data in the the MDB file. They could delete or modify
an INI file. They could delete or modify information in the registry. So
this is not a new issue.

If this is a locally deployed application, there is nothing you can really
do to prevent the user from 'breaking' it. Perhaps you'd be more interested
in protecting your XML file from casual viewing and modification. You could
encrypt it and decrypt it when you read it in. Any attempted modification
would almost certainly result in an exception when you tried to load it.
(The odds that a modification to the ciphertext would still leave the
plaintext as valid XML are astronomically small.) So it would still break
your application. But if the user deleted the xml file altogether that would
also break it.

If security is a big issue, you might want to look toward restructuring your
app and performing secure operations on the server. But maybe this is
overkill for your application. What is your application context?

- Joe Geretz -

Quote:

> I have been reading up on ADO.net and VB.  While reading the
"Walkthrough".
> It showed how to use the designer to create the xml schema and file.

> However, is there any sort of security for xml files.  It seems that
anyone
> could edit the xml file and break my application.

> I was considering use a MDB file for this VB.net application.

> Any comments?

> Thanks



Mon, 27 Dec 2004 04:58:41 GMT  
 XML Designer & XML File Security?
The application runs a piece of machinery. It is stand alone and not
connected to any servers.

If they delete the file, that is a whole different problem.
What I don't want is for them to bring up the xml data and start changing
the information in it.
This is why I was thinking about a password protected mdb file.  It's not
totally secure but will keep the general public from trying to edit it.

Thanks for any further information.


Quote:
> Is this a locally deployed (desktop) application? I don't think the issue
of
> 'breaking' the application is new with XML. Any user with access to any
> segment of your application can 'break' it by simply deleting a file. They
> could delete or change data in the the MDB file. They could delete or
modify
> an INI file. They could delete or modify information in the registry. So
> this is not a new issue.

> If this is a locally deployed application, there is nothing you can really
> do to prevent the user from 'breaking' it. Perhaps you'd be more
interested
> in protecting your XML file from casual viewing and modification. You
could
> encrypt it and decrypt it when you read it in. Any attempted modification
> would almost certainly result in an exception when you tried to load it.
> (The odds that a modification to the ciphertext would still leave the
> plaintext as valid XML are astronomically small.) So it would still break
> your application. But if the user deleted the xml file altogether that
would
> also break it.

> If security is a big issue, you might want to look toward restructuring
your
> app and performing secure operations on the server. But maybe this is
> overkill for your application. What is your application context?

> - Joe Geretz -


> > I have been reading up on ADO.net and VB.  While reading the
> "Walkthrough".
> > It showed how to use the designer to create the xml schema and file.

> > However, is there any sort of security for xml files.  It seems that
> anyone
> > could edit the xml file and break my application.

> > I was considering use a MDB file for this VB.net application.

> > Any comments?

> > Thanks



Mon, 27 Dec 2004 05:03:31 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. XML, Converting Word doc's to XML files (O'2000)

2. How to create a secure connection, send an xml msg and receive and xml response

3. Render XML+XSL into PrintDocument (not XML) ?

4. XML Newbie question, getting a value from an XML string

5. Parsing XML from an ASP page that Creates XML fails

6. Trying to append a simple XML document as a node in an XML document

7. checking for xml tag/xml data???

8. XML From SQL2000 (Probs with FOR XML EXPLICIT)

9. XML document from SELECT ... FOR XML

10. Save recordset as XML/Restore from XML?

11. Read XML using VB6 DOM 4.0 with Namespaces - See Sample XML

12. XML: Using XPath navigation to enumerate certain xml nodes

 

 
Powered by phpBB® Forum Software