BinaryFormatter序列化DirectCast类 [英] BinaryFormatter Serialize DirectCast Class
问题描述
我正在使用类和二进制格式化程序将数据存储在文件中。
例如..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile,FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream),StuctureDataFile)
FileStream.Close()
数据文件有多安全,有人通过分析数据文件很容易重新创建我的
类吗?
我想停止人们创建自己的数据文件。
另外,无论如何我可以提供额外的安全性吗?例如,加密?
提前致谢!!
-
JZ
2004年9月22日星期三21:18:32 +0100,JZ写道:
我正在使用类和二进制格式化程序将数据存储在文件中。
例如..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile,FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream),StuctureDataFile)
FileStream .Close()
数据文件有多安全,有人通过分析数据文件来重新创建我的类吗?
我想要的阻止人们创建自己的数据文件。
另外,无论如何我可以提供额外的安全性吗?例如,加密?
提前致谢!!
当然,您可以序列化为MemoryStream,然后使用其中一种
System.Security.Cryptography中的加密类加密字节
数组,然后将其写入文件...显然,这个过程将是
反向恢复数据:)
-
Tom Shelton [MVP]
JZ,数据文件的安全性如何,通过分析数据文件,人们可以轻松地重新创建我的
类吗?
我不知道它有多容易,但是你可以在VS.NET中打开文件来确定它是多么可读。你会注意到字符串是立即可读的,还有大会,班级和版本。字段名称......
正如Tom所建议的那样,你可以使用System.Security.Cryptography.CryptoStream来支持
加密&解密文件。
你可以链接流,所以你不需要使用MemoryStream本身。
尝试一下喜欢:
Public Shared Sub Main()
Dim rijndael As New RijndaelManaged
rijndael.GenerateKey() ''创建随机密钥
rijndael.GenerateIV()''创建随机初始化向量
Dim encryptor As ICryptoTransform =
rijndael.CreateEncryptor(rijndael .Key,rijndael.IV)
Dim decryptor As ICryptoTransform =
rijndael.CreateDecryptor(rijndael.Key,rijndael.IV)
Dim FPs As New StuctureDataFile
Encrypt(StuctureDataFile.bin,FPs,encryptor)
FPs = Decrypt(" StuctureDataFile.bin",decryptor)< br $>
End Sub
私有共享子加密(ByVal路径为字符串,ByVal fps为
StuctureDataFile,ByVal变换正如ICryptoTransform)
Dim formatter As New B inaryFormatter
Dim output As Stream = File.Open(path,FileMode.Create)
Dim cryptoOutput As New CryptoStream(输出,转换,
CryptoStreamMode.Write)
formatter.Serialize(cryptoOutput,fps)
cryptoOutput.FlushFinalBlock()
cryptoOutput.Close()
output.Close()
End Sub
私有共享函数解密(ByVal路径为字符串,ByVal转换为
ICryptoTransform)作为StuctureDataFile
Dim formatter As New BinaryFormatter
Dim input As Stream = File.Open(path,FileMode.Open)
Dim cryptoInput As New CryptoStream(输入,转换,
CryptoStreamMode.Read)
Dim fps As StuctureDataFile =
DirectCast(formatter.Deserialize(cryptoInput) ),StuctureDataFile)
cryptoInput.Close()
input.Close()
返回fps
结束函数
请注意,上面我使用的是Rijndael算法加密和am磷;解密
文件。如果您愿意,可以使用其他算法,只需记住使用
完全相同的密钥和& iv用于解密,用于加密!
RijndaelManaged.GenerateKey& GenerateIV创建一个随机密钥&
初始化向量,适合测试,不适合生产...
希望这有助于
Jay
" JZ" < jj@anon.anon.com>在留言中写道
news:41 *********************** @ news-text.dial.pipex.com ...
我正在使用类和二进制格式化程序将数据存储在文件中。
例如..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile,FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream),StuctureDataFile)
FileStream.Close()
数据文件的安全性如何,通过分析数据文件,人们可以轻松地重新创建我的
类吗?
<我想阻止人们创建自己的数据文件。
另外,我还能提供额外的安全性吗?例如,
加密?
提前致谢!!
-
JZ
2004年9月22日星期三17:22:29 -0500,Jay B. Harlow [MVP - Outlook]写道:
JZ,< blockquote class =post_quotes>数据文件有多安全,有人通过分析数据文件来重新创建我的类吗?
我不知道怎么样很容易但是你可以在VS.NET中打开文件来看看它的可读性。您会注意到字符串可以立即读取,还有Assembly,Class&字段名称......
正如汤姆建议您可以使用System.Security.Cryptography.CryptoStream来加密&解密文件。
你可以链接流,所以你不需要使用MemoryStream本身。
Dang it !我知道这是可能的,但由于某种原因,记忆流
的东西卡在我脑海里......好的杰伊。
-
Tom Shelton [MVP]
Hi,
I''m using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
--
JZ
On Wed, 22 Sep 2004 21:18:32 +0100, JZ wrote:
Hi,
I''m using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example, encryption?
Thanks in advance!!
Sure, you can serialize to a MemoryStream, and then use one of the various
encryption classes in System.Security.Cryptography to encrypt the byte
array before writting it to the file... Obviously, the process would be
thre reverse to recover the data :)
--
Tom Shelton [MVP]
JZ,How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile? I''m not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
encrypt & decrypt the file.
You can chain the streams, so you don''t need to use a MemoryStream per se.
Try something like:
Public Shared Sub Main()
Dim rijndael As New RijndaelManaged
rijndael.GenerateKey() '' create random key
rijndael.GenerateIV() '' create random initialization vector
Dim encryptor As ICryptoTransform =
rijndael.CreateEncryptor(rijndael.Key, rijndael.IV)
Dim decryptor As ICryptoTransform =
rijndael.CreateDecryptor(rijndael.Key, rijndael.IV)
Dim FPs As New StuctureDataFile
Encrypt("StuctureDataFile.bin", FPs, encryptor)
FPs = Decrypt("StuctureDataFile.bin", decryptor)
End Sub
Private Shared Sub Encrypt(ByVal path As String, ByVal fps As
StuctureDataFile, ByVal transform As ICryptoTransform)
Dim formatter As New BinaryFormatter
Dim output As Stream = File.Open(path, FileMode.Create)
Dim cryptoOutput As New CryptoStream(output, transform,
CryptoStreamMode.Write)
formatter.Serialize(cryptoOutput, fps)
cryptoOutput.FlushFinalBlock()
cryptoOutput.Close()
output.Close()
End Sub
Private Shared Function Decrypt(ByVal path As String, ByVal transform As
ICryptoTransform) As StuctureDataFile
Dim formatter As New BinaryFormatter
Dim input As Stream = File.Open(path, FileMode.Open)
Dim cryptoInput As New CryptoStream(input, transform,
CryptoStreamMode.Read)
Dim fps As StuctureDataFile =
DirectCast(formatter.Deserialize(cryptoInput), StuctureDataFile)
cryptoInput.Close()
input.Close()
Return fps
End Function
Note in the above I am using the Rijndael algorithm to encrypt & decrypt the
file. You can use other algorithms if you so choose, just remember to use
the exact same key & iv for decryption that you use for encryption! The
RijndaelManaged.GenerateKey & GenerateIV creates a random key &
initialization vector, good for testing, not good for production...
Hope this helps
Jay
"JZ" <jj@anon.anon.com> wrote in message
news:41***********************@news-text.dial.pipex.com... Hi,
I''m using a class and binary formatter to store data in files.
For example..
Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()
How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I want to stop people creating their own data files.
Also, is there anyway I can provide extra security? For example,
encryption?
Thanks in advance!!
--
JZ
On Wed, 22 Sep 2004 17:22:29 -0500, Jay B. Harlow [MVP - Outlook] wrote:
JZ,How secure is the the data file, is it easy for someone to re-create my
class by analysis the datafile?
I''m not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...
As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
encrypt & decrypt the file.
You can chain the streams, so you don''t need to use a MemoryStream per se.
Dang it! I knew that was possible, but for some reason the memorystream
thing stuck in my head... Good one Jay.
--
Tom Shelton [MVP]
这篇关于BinaryFormatter序列化DirectCast类的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
