Saving Objects To File

I am using Visual Basic 6. I would like a secure way of saving my object data to a file, so it can be reloaded when the program is re-loaded. The ideal way for me to secure my file data would be if I am able to serialize the objects contents to a file. However I have noticed that VB6 does not support serialization while VB.NET does. So I guess my question is two fold.

1) Is a file secure if it is written as a binary file? Or can some one just open and read the binary file if they have VB6 installed on their machine? If this is not the case, or there is some way to write a secure binary file, how do I go about doing it? I know already how to write an ASCII file, but how do I read and write a secure binary file?

2) Is there a way for me to implement my own serialization? If so how would I go about doing it? I noticed a few other posts that suggested using XML, however XML is stored in plain text and anyone would be able to read and access the data.

Since serialization makes an objects data un-readable when it is dumped to a file, this would be perfectly secure for me, the reason for this is, in order to un-serialize that file you would have to have your data structure set up in the exact same format as it was before serialization. For this reason I can be relatively sure that no one would be able to read the serialized file because only I know what format the data structure was in before serialization.

I am wondering if this approach is also possible using a binary file of some sort.

Any input is greatly appreciated; I look forward to your replies.

1) Is a file secure if it is written as a binary file? Or can some one just open and read the binary file if they have VB6 installed on their machine? If this is not the case, or there is some way to write a secure binary file, how do I go about doing it? I know already how to write an ASCII file, but how do I read and write a secure binary file?

I'm not sure what you mean by 'secure' file. Anybody can open any file in an editor and mess about with the contents, be it of type EXE, DLL, BMP or a custom file type. You do not need VB6 to do this, just any binary file editor.

2) Is there a way for me to implement my own serialization? If so how would I go about doing it? I noticed a few other posts that suggested using XML, however XML is stored in plain text and anyone would be able to read and access the data.

I would suggest you provide your objects with a method Serialize to have them save the contents of important internal variables to a file. Then you might have a Deserialize method for loading from a file. At the simplest level your serialization could be simply writing the (binary) value of each variable to the file and then closing it, ensuring that you read them back in the same order. This may get tricky if you've got things like variable-length strings to worry about, but that too can be got around : http://www.elitevb.com/content/01,0070,01/

To save an object status, I just use plain text files. As anybody can mess around with any type of file just by using any old text editor...
The point is then to have enkrypted text.
A very simple function with a key that adds sequently to the chr value and transform the string into an unintelligible one seems to be the easiest way !? Nevetheless you will not stop the possibility of sneeking into the text file and changing characters, the result of which would then be that your program would no longueur understand the properties of the object, do not forget the to have a default setting for your object otherwise the whole thing will bug...

Thank-you all for your reply.

I'm not sure what you mean by 'secure' file. Anybody can open any file in an editor and mess about with the contents, be it of type EXE, DLL, BMP or a custom file type. You do not need VB6 to do this, just any binary file editor.

What I meant by this is when you serialzie a file, it looks like a bunch of garbage when you try to open it in a text editor. Even if you are able to figure out its a binary file, and mess with the digits, at worst you are just going to corrupt the data contained with in the file. However you will not be able to decipher any passwords or usernames. By this I mean that 'serialization' is secure. And the reason I say its secure is one would have to know the extact data format or objects data structure that was used to serailzed the file in order to deserialize it. With binary howerver one could simply peace toghter 8 bits a time, and simply convert back to ASCII. I know I can encrypt the data to make it harder to read, but If I could serialze the file somehow I would not need to encrypt and would cut down on overhead.

Any Ideas on serialization?

Isn't that a simple encryption method will do the trick? I don't think serialization is meant for security purposes...

You are correct, serialization is not ment for security, however it does have the added benifit of making your data more secure, by making it less readable.

Serialziation is also needed in my case so that I can save data from multiple objects to a binary file, then to reload that data once the application is started up again.

Has anyone ever successfully implemented Serialization inside of thier VB application? If so I would be extreemly interested in getting some pointers.

Thanks again to everyone for their replies.