Serialization using C#

Can serialization be used as a safe means of storing program state?

+3
3 answers

No. Serialization is simply a technology that allows you to convert representations of objects or object graphs in memory into a stream of bytes, which later (with the type definitions) can be restored back into the in-memory representation of the same objects. If you want some kind of security, you can encrypt the byte stream before you save (store) it on disk or in the database, and then decrypt it again before deserializing it, but the Serialization / Deserialization process itself provides security.

+4

+1 @Charles.

If you save application settings for each user, you should use the class ProtectedData from the namespace System.Security.Cryptography to reliably store serialized data; use the DataProtectionScope.CurrentUser data scope for each user.

The class ProtectedData encrypts the data using the user's login password; the underlying DPAPI code handles password changes, so the data stays available.

0
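The combination the two answers describe (serialize the state, then wrap the bytes with ProtectedData in CurrentUser scope before writing them to disk) as an added example; this is not code from the original answers. It uses System.Text.Json for the serialization step and the real ProtectedData.Protect / Unprotect API; the AppState type, the file path under LocalApplicationData and the entropy string are assumptions made for illustration. ProtectedData is Windows-only, and on .NET Core / .NET 5+ it comes from the System.Security.Cryptography.ProtectedData package.

```csharp
// Added example (not from the original answers): JSON-serialize application state,
// then protect the bytes with DPAPI via ProtectedData before saving them per user.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Assumed state type for the example.
public sealed class AppState
{
    public string LastOpenedProject { get; set; } = "";
    public int WindowWidth { get; set; }
    public int WindowHeight { get; set; }
}

public static class ProtectedStateStore
{
    // Optional entropy is mixed into the DPAPI key derivation. It is not a password:
    // it only stops other programs running as the same user from calling Unprotect
    // on this blob without knowing the value. The string here is a constructed placeholder.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy-v1");

    public static byte[] Protect(AppState state)
    {
        byte[] plain = JsonSerializer.SerializeToUtf8Bytes(state);
        try
        {
            // CurrentUser scope: only the same Windows user account can Unprotect the result.
            return ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length); // do not keep the plaintext around
        }
    }

    public static AppState Unprotect(byte[] blob)
    {
        byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
        try
        {
            return JsonSerializer.Deserialize<AppState>(plain) ?? new AppState();
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
        }
    }

    public static void Save(AppState state, string path)
        => File.WriteAllBytes(path, Protect(state));

    public static AppState Load(string path)
    {
        if (!File.Exists(path)) return new AppState();
        try
        {
            return Unprotect(File.ReadAllBytes(path));
        }
        catch (CryptographicException)
        {
            // The blob was produced under another user account or machine, was modified,
            // or the user's DPAPI master key is unavailable: fall back to defaults.
            return new AppState();
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Assumed per-user location for the protected state file.
        string path = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            "ExampleApp", "state.bin");
        Directory.CreateDirectory(Path.GetDirectoryName(path)!);

        var state = new AppState { LastOpenedProject = "demo", WindowWidth = 1280, WindowHeight = 720 };
        ProtectedStateStore.Save(state, path);

        AppState restored = ProtectedStateStore.Load(path);
        Console.WriteLine($"{restored.LastOpenedProject} {restored.WindowWidth}x{restored.WindowHeight}");
    }
}
```

Two design points worth noting: the serializer is System.Text.Json rather than BinaryFormatter, because a JSON deserializer only populates the declared AppState properties and does not instantiate arbitrary types named in the input, and the CryptographicException branch in Load is what turns a copied or edited state.bin into a clean fallback to defaults rather than a crash, since DPAPI rejects blobs it did not produce for this user.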

Source: https://habr.com/ru/post/1755901/