[英]Proper Way to Store Passwords in Temporary XML Config File
I have created a program that launches a separate child process that performs tasks on files. 我创建了一个程序,该程序启动一个单独的子进程,该子进程对文件执行任务。 Some of these files are password protected, so in order for the child process to run on these files, it needs their passwords.
其中一些文件受密码保护,因此为了使子进程在这些文件上运行,它需要它们的密码。 My plan to accomplish this is to pass an XML config file containing all the file paths and passwords similar to this:
我要实现的计划是传递一个XML配置文件,其中包含所有类似于以下内容的文件路径和密码:
<Files>
<File>
<Path>C:\Users\hahaha\hehehe\file2</Path>
<Password>123456abc</Password>
</File>
<File>
<Path>C:\Users\blablaa\abc\file1</Path>
<Password>123456abc</Password>
</File>
</Files>
This information stays on the local machine and is never passed through a network. 此信息保留在本地计算机上,并且永远不会通过网络传递。 This XML config file is created within the parent process.
此XML配置文件是在父进程中创建的。 The child process takes a string representing the path to this XML config file as an argument.
子进程将代表此XML配置文件路径的字符串作为参数。 The child process will then parse the XML file and then create a dictionary out of the files and passwords ((key, value) => file path, password).
然后,子进程将解析XML文件,然后根据文件和密码((键,值)=>文件路径,密码)创建字典。 After the process completes the config file can be deleted.
该过程完成后,可以删除配置文件。
My question is this: What is the best practice and method for storing the passwords in the config file? 我的问题是:将密码存储在配置文件中的最佳实践和方法是什么? I assume that encrypting them would be sufficient.
我认为加密它们就足够了。 Or if there is an entirely different method that is better, what would that look like?
或者,如果有完全不同的方法更好,那会是什么样?
A. Idea is to use Windows Password Manager. 答:想法是使用Windows密码管理器。
B. Idea is to create certificate for application in user personal store using CryptoAPI B.想法是使用CryptoAPI为用户个人商店中的应用程序创建证书
To gain access to the XML bad guy will need to break into the other user account. 为了获得对XML的访问权,坏蛋需要进入其他用户帐户。 If the password will be resetted by admin then all that staff will be lost.
如果密码将由admin重置,则所有人员将丢失。
But storing data in a temporary file just to pass it to a child process is a kinda childish thing. 但是将数据存储在临时文件中只是为了将其传递给子进程是一种幼稚的事情。 Proper way is to use any of this one to accomplish that task
正确的方法是使用任何一种方法来完成该任务
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.