Bugster

Reputation: 1594

Save data in C++ to a file which can't be accessed by the user?

I'm trying to create a rudimentary log-in/create-account system in C++, in which the user is prompted for a username and password or can create a new account. In the option to create a new account, the user enters some details which are saved in a file; however, I don't want that data to be editable. Is there any way to make that data inaccessible? My operating system is Windows.

Upvotes: 1

Views: 456

Answers (5)

AnthonyLambert

Reputation: 8830

Have you looked at Alternate Data Streams? Basically a file on most popular file systems can be two-dimensional. Typically users only use the zero stream of data, but file systems can support parallel data streams, but most people don't know these exist so they never get looked at. In fact most tools ignore anything but stream zero, so they might not even be able to copy these files!

See Alternate Data Streams

You can use this alongside any of the other suggestions.

Upvotes: 1

carpat

Reputation: 871

You can obfuscate the way you write the binary file, create a checksum for it, append the checksum to the beginning, middle, or end, encrypt it, and create and append another checksum again after the encryption. If all the checksums don't match up, obviously the file has been compromised.

While all of that won't prevent a user from actually editing the file, it would make it impossible to edit the file in any meaningful way for all but the most determined users.

Of course if a file is edited, it is unusable, but you can even get around that by creating and storing restore information such as parity files.

Upvotes: 1
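carpat's checksum idea in its simplest form, as an added example that is not part of the thread: the record is stored with a CRC-32 appended and rejected on load if the two disagree. The file name and record contents are assumptions, and an unkeyed checksum only catches edits made without recomputing it.

```cpp
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Standard CRC-32 (reflected polynomial 0xEDB88320), computed bit by bit.
std::uint32_t crc32(const std::string& data) {
    std::uint32_t crc = 0xFFFFFFFFu;
    for (unsigned char byte : data) {
        crc ^= byte;
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

// Payload followed by its CRC-32 as four little-endian bytes.
std::string seal(const std::string& payload) {
    std::string blob = payload;
    const std::uint32_t crc = crc32(payload);
    for (int i = 0; i < 4; ++i)
        blob.push_back(static_cast<char>((crc >> (8 * i)) & 0xFFu));
    return blob;
}

// Copies the payload to `out` and returns true only if the trailing checksum matches.
bool open_sealed(const std::string& blob, std::string& out) {
    if (blob.size() < 4) return false;  // truncated or empty file
    const std::string payload = blob.substr(0, blob.size() - 4);
    if (seal(payload) != blob) return false;  // content and checksum disagree
    out = payload;
    return true;
}

int main() {
    const char* path = "account.dat";  // hypothetical file name
    {   // binary mode stops Windows from translating newline bytes
        std::ofstream file(path, std::ios::binary);
        file << seal("alice;constructed-sample-record");  // constructed data
    }
    std::ifstream file(path, std::ios::binary);
    std::string blob((std::istreambuf_iterator<char>(file)), std::istreambuf_iterator<char>());
    std::string record;
    std::cout << "intact: " << open_sealed(blob, record) << '\n';
    blob[0] = 'A';  // simulate a manual edit of the stored bytes
    std::cout << "edited: " << open_sealed(blob, record) << '\n';
    return 0;
}
```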

Arindam

Reputation: 342

Use a 2 way encryption algorithm, like AES. Then, as @Casey says, write it to a binary file.

You will also need a key to encrypt/decrypt the data, which means that your application will need to store the key in the .exe or .dll which you provide with the application. The downside of this is that a really technical user, in theory, can search the .exe or .dll using a binary editor and might just find out the key, but I am guessing the number of such users would be very small.

Otherwise, you could have a cloud keystore and retrieve the data from there.

You should get quite a few AES libraries (they are usually 1 file long) from the internet written in C, so you should use them instead of implementing your own.

Edit: On re-reading the post, if your secret data is required for authentication, then what you really need is a shadow file. Unix systems maintain a /etc/shadow that holds the MD5 hash (1-way hash) of the password. So, the next time the user enters the password, you just verify whether the hash of the new password matches the stored hash. The advantage of this method is that nobody can ever read the actual password.

Upvotes: 1

Casey

Reputation: 10936

The easiest, yet not very security-conscious, way is to write to a binary file.

The "proper" way to do it would probably be to hash the data THEN write to a binary file.

Upvotes: 1

ObjectiveC-oder

Reputation: 342

If the user really wants to access the file, there's no way you can stop them. A simple answer that would work in most cases is to hide the file, by changing its attributes (on Windows) or prefixing the name with a dot (on Unix).

See http://msdn.microsoft.com/en-us/library/windows/desktop/aa365535(v=vs.85).aspx for setting the hidden attribute.

Upvotes: 2
