-3

My program is a desktop program made by .net7.

The program is running offline and the end-user is a factory, not all the factories have a network or are willing to pay for a network. We can't change this.

The program is used to verify whether the card has been used. The program reads the id (the id is something like Media Access Control Address that is unique) of the card, searches from the database and returns a result.

The data should not be stored in the card self for most people can clone a new card easily (but they can't clone the id).

As we know, we can store the data by database of file by encryption. However, someone can clear all the records by replacing a blank new database/setting or delete it directly.

The only idea for me is to save the data inside the program but not outside it.

Whereas, how can I achieve this? Or is there a better solution? Thank you.

Melon NG
  • 2,568
  • 6
  • 27
  • 52
  • 3
    Honestly, if someone destroys the database in such manner, it's their responsibility and their fault. You won't get around much of this. – Ray Jan 18 '23 at 22:48
  • 3
    Unclear of what you are trying to achieve. It seems like you want to preserve state, but don't want that state to be deleted? You are not explaining why not save in a data file? Just like the data can be deleted, so can the application itself - no? – Lockszmith Jan 18 '23 at 22:48
  • 1
    No, you can't modify the executable file itself. What about using an encrypted file that contains other data (or "filler data") that just the card use history? That would be harder to clear our manually. It could still get corrupted but I don't see a way around that unless you write-protect it at the OS level except for admins. – D Stanley Jan 18 '23 at 22:49
  • 1
    Is *someone* an end-user or your co-worker? – PM 77-1 Jan 18 '23 at 22:49
  • @DStanley It is to store the card history. – Melon NG Jan 18 '23 at 22:50
  • @PM77-1 the end-user. – Melon NG Jan 18 '23 at 22:50
  • 2
    Think of the ways games save data. They either save it on the server, or computer side through a save file. Both of these have downfalls. Client side means that they don't interact with others while they are off line. The server really can't check what they have. The user can change the save file. Even if you encrypt the save file some way, someone is going to be able to crack it given enough time. If you need people to interact with cards other people use, then you must store it server side. That means you need to make sure that the individual can ONLY interact with what the individual has. – Robert Shannon Jan 18 '23 at 22:52
  • Why would end-user have any DB access at all? – PM 77-1 Jan 18 '23 at 22:54
  • @PM77-1 For some reason the program is an offline program. The end-user is a factory, not all the factories have a network or are willing to pay for a network. We can't change this. – Melon NG Jan 18 '23 at 22:57
  • @RobertShannon I am afraid the end-user does not have a network and we can't store the data in server directly. – Melon NG Jan 18 '23 at 23:00
  • @MelonNG then you can't really save it if the computer gets turned off / the program shuts off. You could try to save it in config files, but that would be a monster config file. You would need to create a file on install that can grow and shrink, and write the state to that file on save, and read it on start up. But long and short is if you cannot save the data, it can't persist when the program or computer is off. – Robert Shannon Jan 19 '23 at 00:09
  • You could install a local instance of SQLExpress. Remove the `Windows Authentication` and password protect your database. Although, if the end user is savvy enough they can still delete the `.mdf` and `.ldf` files. At least you can make use of Entity Framework backed by SQL Servers data redundancy and backup features. Ideally you'd get the PC an internet connection and host an API to manage this data. – clamchoda Jan 19 '23 at 03:23

1 Answers1

1

In NTFS (Windows), you can use the alternate stream of the file. Although, technically, the user will still be able to delete it.

See this answer for details on how to do that with .

Lockszmith
  • 2,173
  • 1
  • 29
  • 43
  • Thank you! It is a good idea. But I am afraid there is not any alternate stream about EFCORE that I am using. It seems EFCORE doesn't now support it. – Melon NG Jan 18 '23 at 22:58
  • Well, it's a simple file, it has nothing to do with Entity Framework - You can set the persistence to save the content in the Alternate Stream instead of a regular saved file. In anyway, I really think you're taking the wrong approach. The comments on your questions seem to be steering you in the right direction. – Lockszmith Jan 18 '23 at 23:13
  • Side note: this is quite harmful suggestion to a person without any idea of security... Roughly the same as saying that writing password on sticky note is ok as long as one sticks it to back of the monitor rather than the front... (All local storages accessible to a local program have the same problems from security point of view). – Alexei Levenkov Jan 19 '23 at 01:03
  • @AlexeiLevenkov I agree. The entire question was a bit surreal, but my answer is about the technical possibility. – Lockszmith Jan 19 '23 at 14:54