将状态存储在golang二进制文件中
[英]Store the state inside golang binary
问题描述
I am Developing an onpremise solution for a client without any control and internet connection on the machine. 
我正在为客户端开发本地解决方案,而无需在计算机上进行任何控制和互联网连接。
The solution is to be monetized based on number of allowed requests(REST API calls) for a bought license. 该解决方案将根据已购买许可证的允许请求(REST API调用)数量获利。 So currently we store the request count in an encrypted file on the file system itself. 因此,当前我们将请求计数存储在文件系统本身的加密文件中。 But this solution is not perfect as the file can be copied somewhere and then replaced when the requests quota is over. 但是此解决方案并不完美,因为可以将文件复制到某个位置,然后在请求配额结束后将其替换。 Also if the file is deleted then there's manual intervention needed from support. 同样,如果文件被删除,则需要支持人员的手动干预。
I'm looking for a solution to store the state/data in binary and update it runtime (consider usage count that updates in binary itself) 我正在寻找一种以二进制形式存储状态/数据并更新运行时的解决方案(考虑使用二进制本身更新的使用计数)
Looking for a better approach. 寻找更好的方法。
Also binary should start from the previous stored State 同样二进制应该从先前的存储状态开始
Is there a way to do it? 有办法吗?
PS I know writing to binary won't solve the issue but I think it'll increase the difficulty by increasing number of permutation and combinations for places where the state can be stored and since it's not a common knowledge that you can change the executable that would be the last place to look for the state if someone's trying to mess with the system (security by obscurity) PS:我知道写二进制文件不会解决问题,但是我认为,通过增加状态存储位置的排列和组合的数量,这将增加难度,并且由于不常见的知识是可以更改可执行文件,如果有人试图弄乱系统,它将是查找状态的最后一个位置(安全性由默默无闻)
3 个解决方案
解决方案1
5 2019-09-02 06:53:48
Is there a way to do it?
No. 没有。
(At least no official, portable way. Of course you can modify a binary and change eg the data or BSS segment, but this is hard , OS-dependent and does not solve your problem as it has the same problem like an external file: You can just keep the original executable and start over with that one. Some things simply cannot be solved technically.) (至少没有正式的可移植方式。当然,您可以修改二进制文件并更改例如数据或BSS段,但这是困难的 ,取决于操作系统,并且不能解决您的问题,因为它具有与外部文件相同的问题:您可以只保留原始可执行文件,然后重新开始执行。有些事情在技术上根本无法解决。)
解决方案2
0 2019-09-02 07:25:31
如果您的其余API在您的控制之内,并且可以肯定地成为您要获利的部分,那么您将在此处过滤许可的某种证书认证或API密钥,然后可以继续使用API您可以控制的一面,然后再将它放在平面文件或DB等文件中就无关紧要,因为您可以控制它。
解决方案3
0 2019-09-03 00:00:25
Here is a solution to what you are trying to do (not to writing to the executable which) that will defeat casual copying of files. 这是您要解决的问题的解决方案(而不是写入可执行文件),这将挫败文件的随意复制。
A possible approach is to regularly write the request count and the current system time to file. 一种可能的方法是定期将请求计数和当前系统时间写入文件。 This file does not even have to be encrypted - you just need to generate a hash of the data (eg using SHA2) and sign it with a private key then append to the file. 该文件甚至不必加密-您只需要生成数据的哈希(例如使用SHA2)并用私钥对其进行签名,然后附加到该文件即可。
Then when you (re)start the service read and verify the file using your public key and check that it has not been too long since the time that was written to the file. 然后,当您(重新)启动该服务时,请使用您的公钥读取并验证文件,并检查自写入文件以来该文件的时间是否太长。 Note that some initial file will have to be written on installation and your service will need to be running continually - only allowing for brief restarts. 请注意,安装时必须写入一些初始文件,并且您的服务将需要连续运行-仅允许短暂重启。 You also would probably verify that the time is not in the future as this would indicate an attempt to circumvent the system. 您还可能会验证该时间不在将来,因为这表明您试图绕过系统。
Of course this approach has problems such as the client fiddling with the system time or even debugging your code to find the private key and probably others. 当然,这种方法存在一些问题,例如客户端摆弄系统时间,甚至调试您的代码以查找私钥,甚至还有其他人。 Hopefully these are hard enough to act as a deterrent. 希望这些努力足以起到威慑作用。 Also if the service or system is shut down for an extended period of time then some sort of manual intervention would be required. 同样,如果服务或系统长时间关闭,则将需要某种手动干预。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.