Reputation: 492
How should I save user profile data locally and securely in VB.NET?
I am creating a VB.NET application for a Calculus class as a little side-project. It requires user profiles that are saved locally in the program's main files. I am using 2 separate classes to access the user profiles right now.
The first class is called Config and it is used to manipulate the basic config file which contains lesson document paths, settings, and user profile names.
The second class is called User and it is used to load up user profiles from a profile directory where user data is saved in separate text files.
The Config class retrieves the user names, and user profile text file paths. This text file path is then handed off to a User object that can then load up and interpret the file.
Sorry, if that was an overly informative bit, but I thought it would help explain things.
My question is how should I format the config file and user files so they are secure enough that someone can not easily retrieve or manipulate data?
Here is a sample of how I am reading the text files:
Dim userList() As String = {Nothing}
If My.Computer.FileSystem.FileExists(configPath + "config.cfg") Then
Using MyReader As New Microsoft.VisualBasic.FileIO.TextFieldParser(configPath + "config.cfg")
MyReader.TextFieldType = Microsoft.VisualBasic.FileIO.FieldType.Delimited
MyReader.Delimiters = New String() {"="}
Dim currentRow As String()
'Loop through all of the fields in the file.'
'If any lines are corrupt, report an error and continue parsing.'
While Not MyReader.EndOfData
Try
currentRow = MyReader.ReadFields()
'interpret data tokens delimited by "=" and new line character here'
Catch ex As Microsoft.VisualBasic.FileIO.MalformedLineException
MsgBox("Line " & ex.Message & " is invalid. Skipping")
End Try
End While
End Using
End IfThe problem isn't reading the text file, I am just not sure how to make it secure. I was thinking about first parsing the entire file to translate it from 'encrypted' to text, and then save it as a temporary file which I would pass off to the above code, then delete the file immediately afterward. As for 'encrypting' (is that the right word for this?) the file, I could maybe bit-shift each character using a key that I would save at the beginning of the file.
I am more interested in saving the file securely then worrying how much of an over-kill it might be. This is more of practice I guess.
Upvotes: 0
Views: 1422
Answers (2)
Reputation: 8016
Well... .NET includes A LOT of security and encryption classes. I would begin your search by looking in the System.Security.Cryptography namespace.
If you need help implementing a specific method from within the options there, let us know.
As a side note, you should be able to handle all of your file access from the System.IO namespace. Try to stay away from the Microsoft.VisualBasic namespace as a lot of the stuff in there is no longer best practice.
-edit: Typo.
Upvotes: 1
Reputation: 1110
There's a good example on how to encrypt/decrypt files using vb.net on codeproject.com http://www.codeproject.com/KB/security/EncryptFile.aspx
Upvotes: 1
Related Questions
- How to securely save username/password (local)?
- Where to store the sensitive data in vb.net securely
- Advice in storing sensitive data in Windows Form Application vb.net c#
- Secure data in VB.NET?
- How to store current user information, security, and preferences
- How should I store sensitive data for use by my application in VB.net?
- How would/do you secure your users details
- Storing Windows username + password in VB.Net
- Storing credentials locally in registry - encryption methods?
- ASP.NET server data persistence