WPF PasswordBox中的密码的安全性好处是不可绑定的?
[英]Safety benefits of the Password in WPF PasswordBox not being bindable?
问题描述
I just stumbled across the fact that the Password property of WPF PasswordBox es is not bindable for security reasons , which makes using them quite cumbersome in a MVVM context. 
我偶然发现,由于安全原因 ,WPF PasswordBox es的Password属性不可绑定,这使得在MVVM上下文中使用它们非常麻烦。 Answers like https://stackoverflow.com/a/1493330/3198247 suggest that otherwise, the password might be stored in plain text in memory at runtime, which would be a bad idea since it could potentially be read by malware. 像https://stackoverflow.com/a/1493330/3198247这样的答案表明,否则,密码可能会在运行时以明文形式存储在内存中,这可能是一个坏主意,因为它可能被恶意软件读取。
However, I still don't seem to understand the reason in general or that answer. 但是,我似乎仍然不理解一般或那个答案的原因。 There, it says Keeping your password in plain text on the client machine RAM is a security no-no. 它说,在客户端机器RAM上以明文形式保存密码是一种安全禁忌。 . 。 However, the password is in memory as soon as it is typed as I'm able to access it from code. 但是,一旦输入密码,密码就会在内存中,因为我可以从代码中访问密码。 So why would malware not be able to read it directly from the textbox? 那么为什么恶意软件无法直接从文本框中读取它呢? Am I missing another point here? 我在这里错过了另一个观点吗?
edit: To clarify, esp. 编辑:澄清,尤其是 w/ regards to Sheridan's answer: Assume a PasswordBox where a user types "pw" as his password. w /关于Sheridan的回答:假设一个PasswordBox用户输入“pw”作为他的密码。 Then, clearly "pw" is in memory as I can retrieve it via PasswordBox.Password . 然后,显然“pw”在内存中,因为我可以通过PasswordBox.Password检索它。 Why is it then insecure to additionally be able to bind it to a string property of a ViewModel? 为什么另外能够将它绑定到ViewModel的字符串属性是不安全的? Then, "pw" would at most be contained in two strings, but as far as I can see, this should not make it any more or less secure. 然后,“pw”最多会包含在两个字符串中,但据我所知,这不应该使它更安全。 Or is the point really to "remind" the programmer that the PW should not be stored for longer than needed? 或者重点是“提醒”程序员PW不应该存储超过需要的时间?
2 个解决方案
解决方案1
1 2014-03-19 23:35:42
Have a read of this answer Why is char[] preferred over String for passwords? 读一下这个答案为什么char []比字符串更适合密码? I know it is java but I believe the same rule apply. 我知道这是java,但我相信同样的规则适用。 But depending on the level of security required for your system it should be enough. 但是,根据系统所需的安全级别,它应该足够了。 Theres always ways that malware will obtain information eg keylogging but theres only so much you can do. 总是有恶意软件获取信息的方式,例如键盘记录,但你只能这么做。
解决方案2
-1 2014-03-19 17:15:28
You are missing something. 你失去了一些东西。
Plain passwords should never be stored in a database. 平原密码不应该被存储在数据库中。 Instead, passwords are encrypted and then stored in the database. 相反,密码被加密, 然后存储在数据库中。 When a user tries to log in, they type their text which you should immediately encrypt and compare to the encrypted password from the database . 当用户尝试登录时,他们会键入他们应立即加密的文本,并与数据库中的加密密码 进行 比较 。
Therefore, we never see the unencrypted password, either in the database, or the code. 因此,我们永远不会在数据库或代码中看到未加密的密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.