
How to transfer sensitive data between processes in Windows?

I would like to transfer user name and password information from one process to another process running on the same server in Windows. What is the best approach to achieve this transfer in a secure way? One simple approach is to copy the passwords to a file and then have the other process read from the file and then delete the file once it is read. Though this is simple, I am concerned about whether it is secure, since it is still possible for someone to gain access to this file even though it lives only for a short period of time, and there is also the possibility of the file being left behind if the other process errors out or crashes. IPCs like sockets and named pipes seem to be overkill for this problem. I am more inclined towards using memory mapped files as explained in the link below, which talks about sharing memory across processes. Is this the right approach? Also, is it a good idea to fill the memory with dummy data prior to freeing/erasing to prevent rogue processes from scavenging data from this memory location?

http://msdn.microsoft.com/en-us/library/aa366551(VS.85).aspx

RPC is your friend here (I wouldn't use named pipes to transfer secured data because they have some serious issues (because they operate in a global namespace and thus are vulnerable to squatting attacks)).

Since the data isn't being passed on the wire, encryption isn't as important as some are describing. Instead have one process implement an RPC server and have the other end bind to that server, issue the RPC call with the credentials and destroy the binding handle - that should tear down the intermediate data structures.

Don't forget to securely zero out the memory when you're done using it (otherwise it might get persisted to disk).

If you DO want to use encryption, use CryptProtectMemory which will encrypt the data in a fashion that can be used for IPC.
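The CryptProtectMemory suggestion in the answer above, as an added example that is not part of the original post: it uses .NET Framework's `ProtectedMemory` class (the managed wrapper over CryptProtectMemory) with cross-process scope. The `CredentialBlob`, `Seal` and `Open` names, the length-prefix layout and the sample password are assumptions made for illustration.

```csharp
// Added example, not from the original answers. .NET Framework on Windows; reference System.Security.dll.
using System;
using System.Security.Cryptography;
using System.Text;
static class CredentialBlob   // hypothetical helper name
{
    const int BlockSize = 16; // CryptProtectMemory needs a multiple of 16 bytes
    // Sender: returns an encrypted buffer to hand to the IPC channel.
    public static byte[] Seal(char[] secret)
    {
        int len = Encoding.UTF8.GetByteCount(secret);
        // 4-byte length prefix + payload, rounded up to whole blocks.
        int padded = (4 + len + BlockSize - 1) / BlockSize * BlockSize;
        byte[] buf = new byte[padded];
        BitConverter.GetBytes(len).CopyTo(buf, 0);
        Encoding.UTF8.GetBytes(secret, 0, secret.Length, buf, 4);
        Array.Clear(secret, 0, secret.Length);   // overwrite the caller's plaintext
        ProtectedMemory.Protect(buf, MemoryProtectionScope.CrossProcess); // encrypts in place
        return buf;
    }

    // Receiver: decrypts in place, copies the secret out, overwrites the buffer.
    public static char[] Open(byte[] buf)
    {
        if (buf == null || buf.Length < BlockSize || buf.Length % BlockSize != 0)
            throw new ArgumentException("buffer is not a whole number of blocks");
        ProtectedMemory.Unprotect(buf, MemoryProtectionScope.CrossProcess);
        try
        {
            int len = BitConverter.ToInt32(buf, 0);
            if (len < 0 || len > buf.Length - 4)
                throw new CryptographicException("corrupt length prefix");
            return Encoding.UTF8.GetChars(buf, 4, len);
        }
        finally { Array.Clear(buf, 0, buf.Length); } // overwrite decrypted bytes
    }
}

static class Demo
{
    static void Main()
    {
        char[] password = "constructed-sample-password".ToCharArray(); // constructed value
        byte[] wire = CredentialBlob.Seal(password);  // pass `wire` over RPC or shared memory
        char[] received = CredentialBlob.Open(wire);  // this call belongs in the receiving process
        Console.WriteLine(received.Length);
        Array.Clear(received, 0, received.Length);    // overwrite once the credential is used
    }
}
```

With `CrossProcess` scope any process on the machine can decrypt the buffer, so the channel carrying it still needs an ACL; `MemoryProtectionScope.SameLogon` narrows decryption to processes running as the same user in the same logon session. The protection key does not survive a reboot, so the blob is only suitable for transient hand-off, not storage.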

Use some IPC that (1) is not backed to disk, (2) supports ACLs.

This would seem to indicate named pipes.

Alternately DCOM and WCF both support content encryption.

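Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.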

 