Where should my c# application write data so that the user can not modify or access it

Question

I have an Application that needs to store User Info such as their Username and there score and etc... I have selected LocalApplicationData of the Environment.SpecialFolder Enumeration. but I can access the directory for my application manually using file explorer and can edit or delete the file that can prove as a weak spot for the application and the users may be able to mess with my application.

So, Is there any directory that I can write to using code that the user will not be able to access it. tnx

score 4 · Accepted Answer · answered Feb 27 '16 at 12:03

Is there any directory that I can write to using code that the user will not be able to access it.

No. An application run by a user account has the same privileges and permissions as that user. Therefore, there is no way that the application could do something the user couldn't do on his own.

If the data you need to store is intended to be browsed or modified by the user, it should go in Environment.SpecialFolder.Personal.

Otherwise, data should be stored in either Environment.SpecialFolder.ApplicationData (if it should roam with the user account) or Environment.SpecialFolder.LocalApplicationData (if it should not roam with the user, and instead should be limited to the local machine).

Yes, the user can get into these folders and destroy the data. By doing so, they run the risk of breaking your application. You can't secure yourself from yourself.

Develop a "repair" utility that can recover from the damage by recreating the necessary files on startup of your application if necessary.

tnx, Cody Gray for the Answer, Appreciate it. – Walid Mashal Feb 28 '16 at 06:01 — Walid Mashal, Feb 28 '16 at 06:01

score 2 · Answer 2 · answered Feb 27 '16 at 12:03

2

As your application is running with your users privileges, there is no place your application can access that your user would not be able to access.

Your only option is to use encryption so your user cannot tamper with the file easily once it's written. But even then... what you did with the user's privileges can be undone by the user with the same privileges. You can only make it hard enough so he or she won't bother.

answered Feb 27 '16 at 12:03

nvoigt

75,013
26
93
142

tnx, nvoigt for the answer. :D – Walid Mashal Feb 28 '16 at 06:03

score 1 · Answer 3 · edited May 23 '17 at 12:10

1

You can not prevent use open the file, but have some method to check if a file is being modified by user.

You can save it at Registry, or if your data is big, you can encrypt it before save to file. When you encrypt data, user can not know which infomartion it contains, and if user open the file and modify it, the data become invalid and you can know it is modified.

edited May 23 '17 at 12:10

Community

1
1

answered Feb 27 '16 at 12:05

NoName

7,940
13
56
108

Where should my c# application write data so that the user can not modify or access it

3 Answers3

Linked