Safety concerns regarding Serialization C#

Question

I have Serialized all the Dictionaries in my application to a file. So when I open this file I can see lots of information regarding my class names and etc which have been saved with the file. So is this safe? Will everybody be able to just open a saved file created by my application and see what classes I've used? Here is the method I've used to Serialize my Objects.:

Serialization of two Dictionaries at once

What alternatives I have got to save my objects in my application to a file.

Answer 1

In my opinion, you shouldn't be afraid of it.. but it depends on your need. If you decide that it is important for you, I would recommend to store the data in some other place (remote storage).

You will have 3 alternatives for hiding the content:

1. Encrypt the object, and serialize it (best for local storage and postal) - http://msdn.microsoft.com/en-us/library/as0w18af(v=vs.110).aspx
2. serialize the object, and encrypt the file (worse, you will have to handle deleting the file)- http://support.microsoft.com/kb/307010
3. serialaztion to binary - the worst, doesn't really work - you can open the file in txt in figure out what's going on

So, if that is an importnant thing in your program, I think that the first method will be the best.

Answer 2

You can encrypt the file to hide it contents. So to read encrypted file you need to read it to the memory, decrypt and then pass to the deserialization Formatter.

Answer 3

Yes, they will be able to see the structure of the serialized object (maybe if you serialize it to a binary file, it's a bit more difficult, it does not help much tho).

However, anyone can see your source code anyways, just think about .NET Reflector or ildasm. I personally wouldn't worry about it, I don't see any problem with this.