Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

Photo
- - - - -

Security when saving data on files

security android parse file java file stream

This topic has been archived. This means that you cannot reply to this topic.
4 replies to this topic

#1 GilMan

GilMan

    CC Lurker

  • New Member
  • Pip
  • 7 posts

Posted 23 January 2014 - 09:14 AM

Hi

 

Im planning my next android application and I have a problem, maybe you guys can give me some ideas.

 

In the application, I need to be able to save some data in a text file and be able to parse data from the file. 

The problem is security.

I don't want the user to be able to edit the data in the file (perhaps for malicious reasons).

 

So how should I solve this problem?

 

If I encrypt the file, it's still possible to edit the file and force the application to crash when it's supposed to parse the data.

 

I was thinking maybe set some kind of hash code at the beginning of the file and verify it before parsing data.

Is this a good idea?

 

Do you guys have any ideas on different approaches?

 

Thanks!



#2 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts

Posted 23 January 2014 - 12:08 PM

What type of information are you planning to store in this file? I ask this because if the file has bad data, it shouldn't be a big deal to trash the file and recreate it.

 

Why would bad data make it crash? Standard exception handling should allow you to gracefully detect that the data is bad and needs to be junked.

 

Ultimately, more details would really help.


Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#3 BlackRabbit

BlackRabbit

    CodeCall Legend

  • Expert Member
  • PipPipPipPipPipPipPipPip
  • 3871 posts

Posted 23 January 2014 - 08:33 PM

usually, if you store a file in the application's folder the user won't even get there... much less edit it...

Still, you could mask the text file as if it was another thing, like calling it: obj01.jpg or something like that.



#4 GilMan

GilMan

    CC Lurker

  • New Member
  • Pip
  • 7 posts

Posted 25 January 2014 - 07:39 AM

We are working on a "modular application".. the data (probably xml or something similar) that is saved on the file is going to be used to dynamically  create Android Views. 

This way the product owner can change the content of the application without our help.

 

So if the data in the file is modified, the application will either crash or create bad Views. (I think)

 

WingedPanther: That's what I want.. trash the file and recreate it.. but I need to know when to do this.

 

 

I have very little android experience so I'm not sure how these files are saved.. I just assume that it's possible for someone with good Android knowledge to find this file

 

We don't really think this would be an issue in real life.. but this is an university assignment and our teacher wants us to solve this.

I don't think masking the file will be accepted by our teacher.. but still thanks, might be useful in the future on other projects! :)

 

Thanks!


Edited by GilMan, 25 January 2014 - 07:41 AM.


#5 WingedPanther73

WingedPanther73

    A spammer's worst nightmare

  • Moderator
  • 17757 posts

Posted 27 January 2014 - 05:41 AM

You keep talking about the application "crashing". If the app crashes, that suggests an uncaught exception while reading/processing the config file. Therefor...


Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/





Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download