0

My motive is to store values in class library like we do in win form application using Properties.Settings.Default.variable. Why i want it to be stored using class library not application because i don't application developer to access or manipulate security information generated at run time. I am using c#.

How can i fulfill my motive ? Class library is my first hit, open go with any other solution also.

I can not use database because database is local in my scenario and can be accessed by user and application developer.

I making an telecommunication device in which i want my library to verify hardware is issued by us only using IMEI number. My application work in offline mode, so for this i m sending SMS containing IMEI number and receiving end verify IMEI number. After verification receiving end sends verification response back. At user end if device is not verified after receiving response class library should stop working.

Hot Cool Stud
  • 1,145
  • 6
  • 25
  • 50
  • why not store it in a database? – JanR Mar 17 '16 at 03:56
  • because database can be accessed by application developer – Hot Cool Stud Mar 17 '16 at 03:59
  • How about writing to registry? – Hari Prasad Mar 17 '16 at 04:02
  • won't your class library also be local? – Kory Gill Mar 17 '16 at 04:02
  • @KoryGill i am free to go with any solution, m nt sticking with class library as i mentioned in ques above. – Hot Cool Stud Mar 17 '16 at 04:09
  • 1
    What is the data/security info? What is it securing? What constraints are on the locality of this data? Is it encrypted? Is it R/W or R/O? Are ACLs/permissions enough to secure it? etc. Not enough information to make a recommendation, and I'm not a security expert. – Kory Gill Mar 17 '16 at 04:16
  • Very unclear what your requirements are as pointed out by @KoryGill. If you just interested in .config file - see http://stackoverflow.com/questions/3255820/apply-an-app-config-to-my-dll-assembly, otherwise please clarify the question. – Alexei Levenkov Mar 17 '16 at 05:02
  • Anything the class library has access to, the developer has access to. Since you're writing in .NET, are you aware that .NET assemblies can easily be decompiled? – Lasse V. Karlsen Mar 18 '16 at 06:47

2 Answers2

0

Library projects are not supposed to have config files which need to be modified at runtime hence you may use following approaches: 1- Keep all the configurations at win form application level and pass the info to library wherever its invoked. OR 2- Save the configurations to a plain xml file (instead app.config with default AppSettings class). Encrypt the xml file OR information within the file to keep it safe.

There are more options (e.g save settings in winform project app.config file and open read it from lib projects using OpenMappedExeConfiguration. Code sample) but the most flexible and secure way would be to use a custom xml file with encryption/decryption.

Community
  • 1
  • 1
Munawar
  • 2,588
  • 2
  • 26
  • 29
0

You cannot fulfill your stated goal. Any data on a client machine is accessible, and crackable, by a user of that client machine. At least on a PC, if nothing else they can attach a debugger and step through the decryption code all the time. In a past life I worked for a company that used hardware dongles as copy protection, and crackers would debug through our code, find the calls to the dongles, and noop them out.

You need to model your application assuming that any data on the client machine is completely owned by the user of that machine.

Chris Tavares
  • 29,165
  • 4
  • 46
  • 63