堆栈内存溢出
  简体   繁体   English

使用C#执行Powershell脚本是否安全?

[英]Executing a powershell script using C# is secure or not?

 原文  2014-10-13 09:36:17       c#/ asp.net/ powershell-2.0/ powershell-3.0/ powershell-ise

问题描述

I need to execute powershell script using C#.net, so my concern is security in a production environment, is it secured or not to execute a powershell script using C#.net. 我需要使用C#.net执行powershell脚本,所以我关心的是生产环境中的安全性,它是否安全还是不使用C#.net执行powershell脚本。 If not what are the ways to ensure security, also i need to pass parameters dynamically from C#.net code. 如果不是确保安全的方法,那么我还需要从C#.net代码动态传递参数。 Any help/suggestion would be great in concern to security about executing powershell script using c#.net. 任何有关使用c#.net执行powershell脚本的安全性方面的帮助/建议都将非常重要。

Thanx in advance 提前感谢

2 个解决方案

解决方案1
 1  2014-10-13 09:55:36

Apart from Filburt's reply, you can find help on below thread for passing parameters dynamically to your script: 除了Filburt的回复,您还可以在以下线程上找到帮助,以将参数动态传递给脚本:

Using C# to execute PowerShell script with command line args using V2 methods 使用C#使用V2方法通过命令行参数执行PowerShell脚本

解决方案2
 1 已采纳  2014-10-13 10:08:05

on the topic of security: 关于安全性的主题:

Whatever you do, DO NOT BLINDLY PARSE USER DATA! 无论您做什么,都不要盲目分析用户数据! If you spent any time on the internet since August, you'll likely have heard about the ShellShock Bash bug which has sysadmins around the world scrambling to update their Bash client because there was a huge potential for unwanted code execution otherwise. 如果您从八月以来一直在互联网上度过一段时间,您可能会听说过ShellShock Bash错误,该错误使全世界的系统管理员都在争先恐后地更新其Bash客户端,因为否则存在执行有害代码的巨大潜力。 User data should never be trusted, EVER! 永远不要信任用户数据!

Before you send any commands involving user data to PowerShell, validate the command. 在将任何涉及用户数据的命令发送到PowerShell之前,请验证该命令。 verify it against a whitelist of allowed commands, paths and flags. 对照允许的命令,路径和标志的白名单进行验证。 If it doesn't verify properly, don't execute it. 如果验证不正确,请不要执行它。 Also check for user privileges so user A cannot affect data from user B. Keep a log of every command that's executed (which you probably need to do through the application), with the exact command that is executed by PS. 还要检查用户特权,以使用户A不会影响来自用户B的数据。使用PS所执行的确切命令,记录已执行的每个命令(您可能需要通过应用程序执行)的日志。 If possible, run the commands using a user that only has access rights for the correct folder, and only has execute rights for those commands. 如果可能,请使用仅具有正确文件夹访问权限且仅具有那些命令执行权限的用户运行命令。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 HostException使用C#执行Powershell脚本 - HostException executing Powershell script using C# 在C#中执行Powershell脚本失败 - Executing Powershell Script fails in c# 从C#WPF执行PowerShell脚本 - Executing PowerShell script from C# wpf 通过C#执行PowerShell Function脚本 - Executing PowerShell Function Script Through C# 使用 C# 执行 Powershell 命令行开关时出错 - Error executing Powershell commandlets using C# Powershell脚本不能完全从C#应用程序执行 - Powershell Script Not Executing Fully from C# Application 从C#使用Invoke-SqlCmd cmdlet执行PowerShell脚本 - Executing PowerShell Script with Invoke-SqlCmd cmdlet from C# 通过 C# 同时为多个远程主机执行 PowerShell 脚本 - Executing PowerShell script via C# for multiple remote hosts concurrently 使用 CefSharp 在 c# 中执行脚本时出错 - Error executing script in c# using CefSharp 在c#中执行powershell脚本 - Executing powershell scripts in c#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM