Tags: c#, .net, binaryformatter

Alternatives of BinaryFormatter in C#?


I have a file in which I am writing the content using the below C# code.

using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

private const string BINARY_FILENAME = "jobs_ack.bin"; // assumed value; not shown in the question
ConcurrentDictionary<string, DateTime> _jobsAck;

public void SaveToDisk()
{
    var binaryFormatter = new BinaryFormatter();
    // FileMode.Create truncates; OpenOrCreate would leave stale bytes behind if the new payload is shorter.
    using (var stream = File.Open(BINARY_FILENAME, FileMode.Create))
    {
        binaryFormatter.Serialize(stream, _jobsAck);
    }
}

I am reading this file and deserializing using the below C# code.

public void LoadFromDisk()
{
    if (!File.Exists(BINARY_FILENAME)) return;

    var binaryFormatter = new BinaryFormatter();
    using (var stream = File.Open(BINARY_FILENAME, FileMode.Open, FileAccess.Read))
    {
        // Deserialize returns object: the file contents, not this code, decide which type gets built.
        var deserializedStream = binaryFormatter.Deserialize(stream);
        _jobsAck = deserializedStream as ConcurrentDictionary<string, DateTime>;
        if (_jobsAck == null)
        {
            // If the file held a plain Dictionary instead, copy its entries into the concurrent one.
            _jobsAck = new ConcurrentDictionary<string, DateTime>();
            if (!(deserializedStream is Dictionary<string, DateTime> ackDict)) return;
            foreach (var pair in ackDict)
            {
                _jobsAck.TryAdd(pair.Key, pair.Value);
            }
        }
    }
}

We have been asked not to use the BinaryFormatter because it has some security-related issues. So is there any alternative way which could read/write in binary format?

.NET Framework version: 4.7.2


Solution

If your customers already have data saved with BinaryFormatter you need to keep it for reading files, regardless of its security issues, until you have migrated all, or most, of your customers to some new format. There is to my knowledge no published specification of the format for BinaryFormatter, nor any other compatible libraries. And even if there were, I'm not sure it could solve the security problems, since the problems are inherent to the format itself.

So the first step should be to create a new format, using some well designed serialization library. I mostly use JSON and protobuf (.NET), but there are plenty of good alternatives, see https://softwarerecs.stackexchange.com/ if you want recommendations. Just about anything should be better than BinaryFormatter.

You should then update your application so that it can no longer save files using BinaryFormatter, only in your new format. Depending on your exact use case you might be able to convert saved data as soon as the new version is installed, in other cases you might only be able to do so when a user explicitly saves a file.

Once your updated application with support for the new format has been out for a while you can start thinking about removing support for BinaryFormatter. Users of older versions might be forced to update to an intermediate version and convert their files. Or you might publish a separate tool that only does conversions between the old format and the new format. You could also add a security warning when opening a file in the old format, to at least warn the user of the risk.

The main point here is that the sooner you introduce a new format, the sooner you can drop support for the old format. The length of this process will largely depend on your support commitments to customers, and willingness to make breaking changes.
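One way to carry out the first steps of this migration for the question's _jobsAck store, as an added example that is not part of the question or the answer: the store is now saved only as JSON (using the System.Text.Json NuGet package, which runs on .NET Framework 4.7.2), the JSON is read into a concrete Dictionary type fixed in code so the file carries no type names the deserializer acts on, and the legacy BinaryFormatter path is kept solely to convert an existing file once. The file names and the rename-after-conversion policy are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization.Formatters.Binary;
using System.Text.Json; // NuGet package System.Text.Json (assumed to be referenced)

public class JobAckStore
{
    private const string LEGACY_FILENAME = "jobs_ack.bin";  // assumed old BinaryFormatter file
    private const string JSON_FILENAME = "jobs_ack.json";   // assumed new-format file
    private ConcurrentDictionary<string, DateTime> _jobsAck =
        new ConcurrentDictionary<string, DateTime>();

    // New format only: the application can no longer write BinaryFormatter files.
    public void SaveToDisk()
    {
        var snapshot = new Dictionary<string, DateTime>(_jobsAck);
        File.WriteAllText(JSON_FILENAME, JsonSerializer.Serialize(snapshot));
    }

    public void LoadFromDisk()
    {
        if (File.Exists(JSON_FILENAME))
        {
            // The target type is fixed here in code; the JSON cannot name a type to instantiate.
            var dict = JsonSerializer.Deserialize<Dictionary<string, DateTime>>(
                           File.ReadAllText(JSON_FILENAME)) ?? new Dictionary<string, DateTime>();
            _jobsAck = new ConcurrentDictionary<string, DateTime>(dict);
            return;
        }

        // Legacy path, kept only until installs have been converted; runs once per machine.
        if (!File.Exists(LEGACY_FILENAME)) return;
        LoadLegacy();
        SaveToDisk();                                              // persist in the new format
        File.Move(LEGACY_FILENAME, LEGACY_FILENAME + ".migrated"); // retire the old file
    }

    private void LoadLegacy()
    {
        var formatter = new BinaryFormatter();
        using (var stream = File.Open(LEGACY_FILENAME, FileMode.Open, FileAccess.Read))
        {
            var obj = formatter.Deserialize(stream);
            _jobsAck = obj as ConcurrentDictionary<string, DateTime>
                ?? new ConcurrentDictionary<string, DateTime>(
                       obj as Dictionary<string, DateTime> ?? new Dictionary<string, DateTime>());
        }
    }
}
```

Once no installs still carry a jobs_ack.bin file, LoadLegacy and the BinaryFormatter reference can be deleted outright, which is the final step the answer describes.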