Hidden Application Data

[sternr]

Hey,
I have a commercial application, that needs to store the user's id and
password on the local machine, and we'd like to hide it from our users
(to prevent frauds etc.).

How can I store my application's data in a hidden way?
And don't tell me the obvious solutions: hidden file, registry key
etc. - isn't there a more reliable\hidden way?

Thanks ahead

--sternr

 

[Lasse Vågsæther Karlsen]

Hey,
I have a commercial application, that needs to store the user's id and
password on the local machine, and we'd like to hide it from our users
(to prevent frauds etc.).

How can I store my application's data in a hidden way?
And don't tell me the obvious solutions: hidden file, registry key
etc. - isn't there a more reliable\hidden way?

Thanks ahead

--sternr

More hidden, probably. To be more reliable, you need to define what
reliable means.

If your software is running in the context of the logged on user, the
user is able to do whatever the software is able to do, so all you can
hope to achieve is to obfuscate the storage process so much that the
user either loses track, or give up because it's so much work. You can
not store the data in a secure manner that only your software has access to.

For instance, using a decompiler (Reflector) or just using your class
libraries, a user could perhaps write a new program that read out the
values.

To prevent fraud, implement your security on the server where the user
cannot get anywhere except for inside the boundaries you've set, and let
the user type in the password each time.

Are you trying to prevent someone from learning the information, other
than the user? Ie. user uses the program, then closes it and leave the
computer, and you want to prevent someone else from going up to the
computer and learning the password, or similar cases? If so, then the
answer is to not store the password on the computer at all.

 

[Peter Bromberg [C# MVP]]

Have a look at IsolatedStorage. There are special .NET classes to work with it.
-- Peter
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short Urls & more: http://ittyurl.net

 

[sternr]

Hey guys thanks for your answers!
My prodcut is a psuedo anti-virus application.
I need to save my user's credentials on the computer to be able to
connect to the server and check for license validity and new updates.
The reason I want to hide the user's credentials is not from the user
(although it does help prevent piracy...),
But for malicious programs who'd try to delete\modify this file and
thus disabling my product.
Any suggestions?

Thanks again!

--sternr

 

[Lasse Vågsæther Karlsen]

Hey guys thanks for your answers!
My prodcut is a psuedo anti-virus application.
I need to save my user's credentials on the computer to be able to
connect to the server and check for license validity and new updates.
The reason I want to hide the user's credentials is not from the user
(although it does help prevent piracy...),
But for malicious programs who'd try to delete\modify this file and
thus disabling my product.
Any suggestions?

Thanks again!

Wouldn't it be easier to just kill your application and delete the .exe
file?

And if you think about it, anywhere your program can get to, a different
program can get to as well.