the security of xml

[maggie]

As it is knowed that xml can be used as the middle layer of data transform.
But i have a question that how to keep the information secret and how to
guarantee it's security?
Thanks

[Jason]

"maggie" <wxpinetree@21cn.com> wrote:
>
>As it is knowed that xml can be used as the middle layer of data transform.
>But i have a question that how to keep the information secret and how to
>guarantee it's security?
>Thanks

The .NET framework provides a namespace called System.Security.Cryptography.Xml,
which implements the closest thing to the XML Signatures specification known
to man. This can be used to verify that your XML has not changed, and it
is a standard way to do this. Of course, this does nothing to ensure that
people can't look at your XML, it just prevents them from being able to change
it without your knowledge.

The XML Encryption standard is not actually complete yet, and it's not implemented
in .NET anyway. Therefore, if you want to protect your XML data from prying
eyes, you'll have to implement something that is essentially non-standard
to XML.

Might I suggest using the Rijndael algorithm in .NET? System.Security.Cryptography.
Use this along with something like SHA1 to hash your password, and you are
pretty safe. However, if the password is built into your code or stored
on the system, there is always a way to hack in, although it might not be
obvious.

There are also facilities in .NET for securely exchanging keys over an insecure
network, if you need that kind of thing.

Again, a lot of this has nothing to do with XML. You can use this to protect
any data you want to. It's also going to require a fair amount of coding
to do all of this.

Good luck.