I have a series of XML files which I want to hide from the client and I want to be available only for the application. I read and write from/to them using `XmlSerializer`. How can this be done? I read about embedded resources, but from what I've seen, I need to read and write to the files using some sort of stream. I was wondering if there is another approach which would allow me to access them using `XmlSerializer` and hide them from the client.

user2399378
- When you say 'hide' I presume that simply marking the file as 'hidden' is not acceptable to you? – The Senator Dec 18 '13 at 11:42
- I need to be able to read it from the application. If it is marked hidden I can still do this? – user2399378 Dec 18 '13 at 11:51
- @user2399378 I wrote an answer, I assumed you're talking about a .NET environment; if you don't tag your question with more details this may apply to Java, .NET or anything else with an XmlSerializer class... – Adriano Repetti Dec 18 '13 at 11:51
- Yes, it is a .NET application – user2399378 Dec 18 '13 at 11:53
- Yup, if the file is hidden you can still access it. – The Senator Dec 18 '13 at 14:53
- @The Senator: I tried to modify hidden files and it is not allowed. Otherwise this would have been a good solution – user2399378 Dec 18 '13 at 14:58
1 Answer
1
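If you just want to hide them (a kind of obfuscation to prevent casual changes) you may consider compressing them. For example, this is an example of a C# deserialization function:

```csharp
using System.IO;
using System.IO.Compression;
using System.Xml.Serialization;

// Reads a GZip-compressed XML file and deserializes it into T.
// (The unused "obj" parameter of the original snippet has been dropped.)
static T Deserialize<T>(string path)
{
    var serializer = new XmlSerializer(typeof(T));
    using (var stream = new GZipStream(File.OpenRead(path),
        CompressionMode.Decompress))
    {
        return (T)serializer.Deserialize(stream);
    }
}
```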
Your customers will see a binary file and they won't be able to change/inspect it (moreover, it's just a compressed stream so they can't even unzip it). For clarity, this is the equivalent serialization function:

```csharp
// Serializes obj to XML and writes it GZip-compressed to path.
// File.Create truncates an existing file, so repeated writes are safe.
static void Serialize<T>(string path, T obj)
{
    var serializer = new XmlSerializer(typeof(T));
    using (var stream = new GZipStream(File.Create(path),
        CompressionMode.Compress))
    {
        serializer.Serialize(stream, obj);
    }
}
```
Note: in your original question you didn't say anything about your environment (.NET? Java?). I provided code assuming you're programming in C#, but you can apply the same technique with any other language/environment you're using.

Update: this is a small test program to see how it works:

```csharp
using System.IO;
using System.IO.Compression;
using System.Xml.Serialization;

// Must be public so that XmlSerializer can serialize it.
public class Test
{
    public string Name { get; set; }
    public string Value { get; set; }
}

class Program
{
    static void Main(string[] args)
    {
        // Writes the object as a GZip-compressed XML file.
        Serialize(@"c:\test.dat", new Test { Name = "A", Value = "B" });
    }

    // Place the Serialize<T>() method shown above here.
}
```

Adriano Repetti
- .NET, I forgot to mention this. It seems like a good approach, I will try it and see how it goes. Thank you – user2399378 Dec 18 '13 at 11:54
- @user2399378 you're welcome. It's not something you can use to save your license data (or sensitive information) but it's good to be used to obfuscate text files that shouldn't be changed/inspected by _super-users_. – Adriano Repetti Dec 18 '13 at 11:55
- I have a situation where some files need to be compressed and some don't. I adapted the serialize method to treat these situations, but I'm not sure for deserialization, how can I check if a file is compressed or not? – user2399378 Dec 18 '13 at 12:15
- @user2399378 then you have to make it a little bit more complicated. The easiest way is to check the first character of the (uncompressed) input stream (an XML file will start with a BOM or with "<"). As an alternative you may add a marker at the beginning of your compressed stream. Raw & dirty? First try to deserialize it as uncompressed, if it fails then it's compressed... – Adriano Repetti Dec 18 '13 at 12:21
- @user2399378 no, I just tried a small test program (added to answer too) and it performs as expected (update to FileMode.Create if you'll write more than once). – Adriano Repetti Dec 18 '13 at 12:52
- Yes, I tried your method and it works. Before I adapted it to my method and apparently I did something wrong. Thank you for your help :) – user2399378 Dec 18 '13 at 13:00
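
The comments above ask how to tell a compressed file from a plain one at load time. This added example (not code from the answer or its author) handles both kinds in one `Deserialize<T>`; instead of testing for "<" or writing a custom marker, it tests for the two-byte header `0x1F 0x8B` that every GZip stream already starts with. The names `Settings`, `XmlStore`, `IsGZip` and the temp-file names are assumptions made for the example.

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Xml.Serialization;

public class Settings // hypothetical sample type, not from the original post
{
    public string Name { get; set; }
    public string Value { get; set; }
}

static class XmlStore // hypothetical helper name
{
    // GZip data always begins with 0x1F 0x8B (RFC 1952). XML text cannot:
    // it starts with a BOM, whitespace or '<', and 0x1F is not a legal XML character.
    static bool IsGZip(Stream s)
    {
        int b0 = s.ReadByte(), b1 = s.ReadByte();
        s.Position = 0; // rewind so the reader sees the whole file
        return b0 == 0x1F && b1 == 0x8B;
    }

    public static void Serialize<T>(string path, T obj, bool compress)
    {
        using (var file = File.Create(path))
        using (var output = compress ? new GZipStream(file, CompressionMode.Compress) : (Stream)file)
            new XmlSerializer(typeof(T)).Serialize(output, obj);
    }

    public static T Deserialize<T>(string path)
    {
        using (var file = File.OpenRead(path))
        using (var input = IsGZip(file) ? new GZipStream(file, CompressionMode.Decompress) : (Stream)file)
            return (T)new XmlSerializer(typeof(T)).Deserialize(input);
    }
}

class Program
{
    static void Main()
    {
        var sample = new Settings { Name = "A", Value = "B" }; // constructed sample data
        foreach (bool compress in new[] { true, false })
        {
            string path = Path.Combine(Path.GetTempPath(), compress ? "demo.dat" : "demo.xml");
            XmlStore.Serialize(path, sample, compress);
            var loaded = XmlStore.Deserialize<Settings>(path);
            Console.WriteLine("{0}: Name={1}, Value={2}", Path.GetFileName(path), loaded.Name, loaded.Value);
        }
    }
}
```

The same header identifies the file as GZip to any standard decompression tool, so this stays obfuscation against casual edits and is not a way to protect sensitive data.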