
Can you pass a variable into the C# compiler code?

Here's my current situation - I have an application that compiles C# code taken in as a string, using CodeDom. I have a SecureString that stores a password and I was wondering if there would be any way to pass that SecureString variable into the compiled code as a SecureString?

Here is some example code:

SecureString securePassword = getSecurePass();

string codeString =
        @"using System;
        using System.Security;

        namespace SomeProgram
        {
            class MyClass
            {
                static void Main(string[] args)
                {
                    SecureString securePass = new SecureString();
                    // somehow set this equal to the securePassword variable
                }
            }
        }";


// Compiler Code
CodeDomProvider codeProvider = CodeDomProvider.CreateProvider("CSharp");
string outFile = "output.exe"; 

System.CodeDom.Compiler.CompilerParameters parameters = new CompilerParameters();
parameters.GenerateExecutable = true;
parameters.OutputAssembly = outFile;
CompilerResults results = codeProvider.CompileAssemblyFromSource(parameters, codeString);

I can't find a way to do this and I imagine that this isn't actually possible and instead I should possibly just store the password in an encrypted file and read it from that?

I think you're confused about the concepts. You're trying to compile the password into an exe file, and you think that SecureString will keep your password secure. That's not what the SecureString is for. Read the documentation:

(SecureString) Represents text that should be kept confidential, such as by deleting it from computer memory when no longer needed.

SecureString will only protect your in-memory password by 1) encrypting it while it is in the memory so no other apps can sniff it, and 2) removing it from the memory once you're done with it.

If you compile your password into an exe, a hacker can easily get it from there even if it is encrypted. In fact, getting it from the exe is much easier than getting it from the memory. Encrypting it will only make it a bit harder, but a skilled hacker can still decrypt it after finding the key. The suggestion given by Gseg to compile it as an embedded resource and your suggestion of encrypting it in a text file will both have the same issue.

It all comes down to the encryption key: where is it stored? If you store it in the exe file (because you need your app to be able to decrypt it), then the hacker will be able to find the key and use it to decrypt your password. You will need to store it outside the exe in a way that is not reachable by the hacker. So the real issue that you need to think about is: Where to store the encryption key so the app can read it, but the hacker cannot?

Now, when your app retrieves the key, you can decrypt the password to a SecureString variable to protect it while it is in memory and remove it afterwards.
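One way to hand the SecureString to generated code without writing the password into the source or the exe, as an added example that is not part of the original question or answers. It assumes .NET Framework (where CodeDom compilation is supported) and that the generated code runs inside the host process; `Host`, `Run` and the sample value are hypothetical.

```csharp
using System;
using System.CodeDom.Compiler;
using System.Reflection;
using System.Security;

static class Host
{
    // The generated source holds no secret; it only declares a parameter for one.
    const string CodeString = @"
        using System.Security;
        namespace SomeProgram
        {
            public static class MyClass
            {
                public static int Run(SecureString securePass)
                {
                    // Same object the host created; no plaintext copy is made here.
                    return securePass.Length;
                }
            }
        }";

    static void Main()
    {
        // Constructed sample value; a real host would fill this from user input.
        using (var securePassword = new SecureString())
        using (CodeDomProvider provider = CodeDomProvider.CreateProvider("CSharp"))
        {
            foreach (char c in "constructed-sample") securePassword.AppendChar(c);
            securePassword.MakeReadOnly();

            var parameters = new CompilerParameters
            {
                GenerateExecutable = false, // a library, not output.exe
                GenerateInMemory = true     // load the result into this process
            };
            CompilerResults results = provider.CompileAssemblyFromSource(parameters, CodeString);
            if (results.Errors.HasErrors)
                throw new InvalidOperationException(results.Errors[0].ToString());

            MethodInfo run = results.CompiledAssembly
                .GetType("SomeProgram.MyClass", true)
                .GetMethod("Run", BindingFlags.Public | BindingFlags.Static);
            object length = run.Invoke(null, new object[] { securePassword });
            Console.WriteLine("Compiled code received a SecureString of length {0}", length);
        }
    }
}
```

Because the secret is passed as an argument at run time, neither the generated source nor the compiled assembly contains it.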

Well, all you need is to figure out a way to change SecureString to System.String.

Already answered here: How to convert SecureString to System.String?

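// Literal braces are doubled ({{ and }}) so String.Format treats only {0} as a placeholder.
// SecureStringToString is not defined here; it stands for a SecureString-to-string
// conversion such as the one in the linked answer.
string codeString =
    String.Format(@"using System;
    using System.Security;

    namespace SomeProgram
    {{
        class MyClass
        {{
            static void Main(string[] args)
            {{
                SecureString securePass = new SecureString();
                {0} // use it the way u like
            }}
        }}
    }}", SecureStringToString(securePassword));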
