Prevent Spring connection file to be changed by users

StackOverflow https://stackoverflow.com/questions/16287623

Question

I am working on an application with Spring.Net and Windows forms. I would like to prevent users to change the Spring configuration file, something like setting the configuration file as readonly. I read the Spring.Net documentation and I found nothing, I looked on visual studio's side but I did not find how to set a file as Readonly. The only thing I found is to encrypt the app.config file, it is working but it does not prevent user changes. Do you have any idea?

Was it helpful?

Solution

Really preventing a change will be hard to impossible...

BUT usually it should be enough to be able to recognize whether it has been changed... to achieve this you basically need to implement some variation of the following scheme:

  • Create a hash of the file (together with a salt)
  • Store that value in your app.config
  • In your application read the file and recalculate that hash (with the same hash)
  • IF that value matches what is in your app.config all is fine, otherwise it has been changed and you need to take the appropriate action

To take the above a step further:

You could embed a copy of the file as an "embedded resource" into your application (EXE/DLL) and replace the file on disk on startup with the content of that resource - this way you make sure that the file is always what your application expects.

DISCLAIMER: the above scheme won't stop a really determined "attacker/hacker...".

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top