Locking Down a File

  • Thread starter Thread starter Corey B
  • Start date Start date
C

Corey B

I am writing a web application in ASP.NET that allows a user to
download an XML file to their machine that contains all of their work.
Then later they can upload that file to the server and continue
working. Is there a way that I can protect that file so that the user
doesn't alter it? I didn't know if there was some fancy way in .NET
that I could password protect the file or do something to it that would
not allow the user to alter it.

Thanks in advance for any help,
Corey
 
I'm not sure I understand what you mean. How can I keep a FileStream
reference to the file open when the file has been downloaded to their
PC? It won't be on the web server. The system will process their data
and then just stream the XML file down to the browser. So the file
won't actually ever live on the web server. The file will be on the
user's PC. Then after some time (Could be a day - could be a year) the
user can re-upload the file to the web server and continue working. I
just wondered if there was some way that I could protect the file so
that the user doesn't tamper with it. I will probably encrypt it
before streaming it down to the user. But in the end the file is just
a simple text file and the user could open it up in a text editor and
mess with it. And then the uploading of the file would fail and they
would lose their work. I was hoping that there is some sort of built
in .NET method of protecting the file. Or even a 3rd party component
would work too.

Corey
 
You are pretty much out of luck.. If you give the operator a file they can
modify it. You could encrypt it but if the operator really wants to modify
it they will find a way. XML by default does not have any notion of
passwords, locking or anything like that - it is just a plain text file
really!

Just courious.. if this is a web app why would you store files on the
clients machine? Wouldnt it make more sense to keep it on the server so that
the client could modify it from a different machine later on? Otherwise you
are locking them into only being able to "continue" what they were doing
from the same machine?
 
I know - it seems like a ludicrous requirement. For some inane reason
the people who I am building this web app for feel that there
absolutely *must* be a way for the user to save their work down to a
local file and not keep it on the server. We offer them the
traditional method of saving their work to the server and using a
username and password to log in and continue working. But for some
reason I can not convince them to do away with the requirement of
saving down to a local file. Apparently the users of this application
are not very tech savvy and are vary wary of saving their data to a web
server. They will feel more comfortable if they save it down to their
local PC. They are worried about people stealing the information if it
sits in a database on a web server. I have had countless discussions
with them about all different ways that we could secure the data on the
server so that no one knows whose data it is or how to decrypt it - but
to no avail. So I am stuck with this requirement for the user to save
info to a file and download it to their PC. I am just trying to figure
out if there is any way that I can protect the file so that they don't
mess with it before they re-upload it. Is there something that I could
do to it to convert it to a binary file so that they can't open it in a
simple text editor - and then later I can unconvert it from binary back
to text or something?

Thanks,
Corey
 
Sorry, I am dummy, I didn't read carefully enough what you said.
Sorry for the inconvenience ;-)
 
One idea, though..
You might use a trusted (so it has right to write on the file system) click
once application?
If you can, the you're back in business ;-)
 
Maybe zip it up before you transmit it to the client? Dont give it the
normal extention so the user would not know for sure what it was.

Just a thought.
 
Yeah I think that is what I am going to do. If I zip it up and then
change the extension of the file then at least the users would be more
likely to leave it alone. I think that's about the best I can hope
for.

Thanks - Corey
 
Back
Top