C++

Forum

 
Securing .txt files

Furjoza (54)
Hello,
Ive wrote a simple console game and I keep lot of date in .txt files. I wonder what are the ways to secure them from users. I mean I keep there for example progress date of a player and for now its way to easy to manipulate with those text files. So is there a simply way to do it? Thanks in advance for replies.
JLBorges (13770)
chmod (Unix)
https://www.freebsd.org/cgi/man.cgi?query=chmod&manpath=FreeBSD+9.3-RELEASE&format=html

or cacls (Windows)
http://technet.microsoft.com/en-in/library/bb490872.aspx

For instance:
1
2
3
4
5
6
7
 
chmod 744 game_scores.txt  
# You (owner) can read, write, (or execute) game_scores.txt;  
# Everybody else can read it

chmod 700 password_hashes.txt  
# You (owner) can read, write to, or execute password_hashes.txt;  
# No one else (except su, who can take ownership) would have any access to it

Computergeek01 (5613)
You could use CreateProcess() to kick off cacls, but that's more work then is necessary. Building off of JLBorges premise, here is the solution on Windows:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
/// LINK TO EITHER 'ADVAPI32.lib' FOR CL, OR 'LIBADVAPI32.a' FOR MINGW.

#include <iostream>

#include <windows.h>
#include <Aclapi.h>


void pause()
{
    std::cin.sync();
    std::cin.ignore();
}

class LOCK_FILE
{
    public:
    LOCK_FILE(TCHAR* filename): FileName(filename)
    {
        PACL pNewACL = NULL;

        EXPLICIT_ACCESS Access[1];
            BuildExplicitAccessWithName(Access, "Users", GENERIC_ALL, GRANT_ACCESS, NO_INHERITANCE);

        if(SetEntriesInAcl(1, Access, NULL, &pNewACL) != ERROR_SUCCESS)
        {
            throw short(1);
        }

        if(SetNamedSecurityInfoA(FileName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewACL, NULL) != ERROR_SUCCESS)
        {
            throw short(2);
        }
    }

    ~LOCK_FILE()
    {
        PACL pNewACL = NULL;

        EXPLICIT_ACCESS Access[1];
            BuildExplicitAccessWithName(&Access[0], "Users", GENERIC_ALL, DENY_ACCESS, NO_INHERITANCE);

        SetEntriesInAcl(1, Access, NULL, &pNewACL);

        SetNamedSecurityInfoA(FileName, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewACL, NULL);
    }


    private:
        TCHAR* FileName;
};


int main()
{
    static TCHAR* filename = "New.txt";
    HANDLE hFile = NULL;

    try
    {
        LOCK_FILE File(filename); /// FILE IS UNLOCKED FOR THE DURATION OF ITS LIFETIME WHICH, IN THIS CASE, IS THIS TRY CATCH BLOCK
        hFile = CreateFile(filename, GENERIC_ALL, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); /// OPEN THE FILE IMMEDIATLY AFTER IT IS LOCKED

        if(hFile == INVALID_HANDLE_VALUE)
        {
            throw short(3);
        }
    }
    catch(short& Error)
    {
        std::cout << "ERROR FOUND AT: " << Error << " " << GetLastError() << "\n";
    }

    pause();

    CloseHandle(hFile);

    return 0;
}


The trick here is that the file is normally marked to deny access to all users on the system when your app is not running. When this 'LOCK_FILE' object is created it adjusts those permissions to allow all users on the system access, but it also immediately opens the file with the exclusive access share mode set. This allows your application to interact with the file while denying read+write+etc to everything else. At the end of the objects life time LOCK_FILE's destructor is called restoring it to the previous state of denying everyone access.
Last edited on
Furjoza (54)
There are no easier ways? :(
Computergeek01 (5613)
What do you mean "easier"? I just handed you an 80 Line solution for Windows that you could simply copy and paste into your program, just change the designation of the target file. You have my permission if that's what you're worried about (not that you need it since it was posted to a public forum). JLBorges answer could technically be less code for you to physically write. But keeping track of the state of the files permissions could turn into a chore if it isn't managed correctly and IMHO it would look uglier.

Another option could be to use a simple form of encryption, though a user could simply dump out your key using the strings utility from SysInternals.
Furjoza (54)
Its a game mostly for me to learn and some of my friends to show them my work. None of them are good at programming so that encryption looks interesting. What is it?
Computergeek01 (5613)
Encryption: The process of encoding a message so that it can be read only by the sender and the intended recipient.

This is not a feature of the language, it is something you have to implement yourself. I actually don't recommend this as a solution because in the event of an improper shutdown your data will become corrupted. Other methods of encryption are a whole lot more complex then the code I posted above.

My suggestion at this point: If this is just something you and your friends are writing for fun then don't stall out on this one minor detail. Get going on the fun stuff and come back to this problem later. Have you noticed the "To-Do" feature in your IDE? This is a perfect time to start using it.
Last edited on
Furjoza (54)
Im oldstylish guy, actually Im using sheets of paper, but for sure will check this out. The problem with the code you posted is that Im not good with things I dont truly understand and there are a lot of things in your code Im not sure about. But will try to get through this line by line. Thanks for the advice :)
Topic archived. No new replies allowed.