Quick serialisation question...

Guest

Hi All,

I have a class that is defined in a strongly named assembly. I serialise an
instance of this class using the BinaryFormatter. When I deserialise it, is
there any way of ensuring that the object was serialised from the authentic
assembly? i.e. that the byte stream was not spoofed/tampered with.

Any input welcome,

Thanks
DC
 
Couldn't anyone with a file byte viewer open up the file and modify the
contents (say change a serialized string)? If so, I would suggest adding a
crc/hash value to the stream, but not send this part to the deserializer.
That way, if someone screwed with the file, the hash values would be
different.

Scott
 
Thanks Scott,

I was thinking the same thing but was just wondering if maybe the framework
did something similar in a sneaky manner itself. It seems not. Will probably
do exactly what you suggested.

Regards,

DC
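
The check discussed in this thread, as an added example that is not code from any of the posters: a tag is stored in front of the serialized bytes and verified before anything is handed to the deserializer. It uses a keyed hash (HMAC-SHA256) rather than a plain CRC or hash, because an unkeyed value stored beside the data can be recomputed by whoever edits the file. The class name `SignedBlob`, the tag-then-payload layout, the randomly generated demo key and the stand-in payload are assumptions; the code assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SignedBlob // hypothetical helper, not a framework type
{
    const int TagSize = 32; // HMAC-SHA256 output length in bytes

    // Returns tag || payload, where payload is the serializer's output.
    public static byte[] Protect(byte[] payload, byte[] key)
    {
        using (var hmac = new HMACSHA256(key))
        {
            byte[] tag = hmac.ComputeHash(payload);
            byte[] blob = new byte[TagSize + payload.Length];
            Buffer.BlockCopy(tag, 0, blob, 0, TagSize);
            Buffer.BlockCopy(payload, 0, blob, TagSize, payload.Length);
            return blob;
        }
    }

    // Verifies the tag and returns the payload. Throws before any
    // deserializer gets to see modified bytes.
    public static byte[] Unprotect(byte[] blob, byte[] key)
    {
        if (blob == null || blob.Length < TagSize)
            throw new CryptographicException("Blob too short to hold a tag.");
        using (var hmac = new HMACSHA256(key))
        {
            byte[] expected = hmac.ComputeHash(blob, TagSize, blob.Length - TagSize);
            var stored = new ReadOnlySpan<byte>(blob, 0, TagSize);
            // Constant-time comparison so timing does not leak tag bytes.
            if (!CryptographicOperations.FixedTimeEquals(stored, expected))
                throw new CryptographicException("Integrity check failed.");
        }
        byte[] payload = new byte[blob.Length - TagSize];
        Buffer.BlockCopy(blob, TagSize, payload, 0, payload.Length);
        return payload;
    }

    static void Main()
    {
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key); // demo key, constructed for this example
        byte[] payload = Encoding.UTF8.GetBytes("constructed stand-in for serialized bytes");
        byte[] blob = Protect(payload, key);
        Console.WriteLine(Encoding.UTF8.GetString(Unprotect(blob, key)));
        blob[TagSize + 3] ^= 0x01; // simulate a one-bit edit with a byte viewer
        try { Unprotect(blob, key); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

A valid tag shows that the bytes were produced by someone holding the key and have not changed since; it says nothing about which assembly produced them, so the key has to be kept away from anyone who can write the file.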
 