简体繁体 English

不使用数据库或 .xml 文件存储敏感数据的最佳方法

[英]Best approach for storing sensitive data without using a database or an .xml file

原文 2020-04-24 23:29:35 3 2 c#/ xml/ security/ inno-setup

I'm developing an application in c# which uses an.xml file to obtain information that is used inside the logic of the app.我正在 c# 中开发一个应用程序，它使用 .xml 文件来获取应用程序逻辑内部使用的信息。 When a new version of the app is launched, a setup is created (using Inno Setup Compiler) and after successfully installing the setup, the.xml is placed inside the setup files of the app.启动新版本的应用程序时，会创建一个设置（使用 Inno Setup Compiler），并在成功安装该设置后，将 .xml 放在应用程序的安装文件中。 This.xml file contains about 200 objects with 4 properties each of sensitive data. This.xml 文件包含大约 200 个对象，每个对象具有 4 个敏感数据属性。

I got asked to launch a customer version of the app, and a requirement for this version is to remove the access or manipulation of this.xml file, since it contains sensitive data that the customer should not be able to see or manipulate.我被要求启动该应用程序的客户版本，该版本的要求是删除对 this.xml 文件的访问或操作，因为它包含客户不应看到或操作的敏感数据。

My senior engineer told me to simply implement the information inside a list in the source code , so that the use of the.xml file is removed and the customer can't manipulate this info once installed the app, as it would be hidden inside the source code, but this seems really inefficient for me and i would need to change a lot of logic about the use of the.xml file inside the app for this to work.我的高级工程师告诉我只需在源代码中实现列表中的信息，这样就可以删除 .xml 文件的使用，并且客户一旦安装了应用程序就无法操作此信息，因为它会隐藏在源代码，但这对我来说似乎效率很低，我需要更改很多关于在应用程序中使用 .xml 文件的逻辑才能使其工作。

Is there a way to create a setup of the app and hiding this file in the setup files so it cant be manipulated by the customer?有没有办法创建应用程序的设置并将此文件隐藏在设置文件中，以防止客户对其进行操作？
If there isn't, what approach could you suggest me to do?如果没有，您可以建议我采用什么方法？ Or do i have no options but to do this the hard way?或者我别无选择，只能以艰难的方式做到这一点？

2 个解决方案

If you want to make it harder for the end user to modify the information, while still keeping a separate configuration file that won't require code change of the application itself, you can sign the file and have the application verify the signature.如果您想让最终用户更难修改信息，同时仍保留不需要更改应用程序本身代码的单独配置文件，您可以对该文件签名并让应用程序验证签名。

A simplest way is to to calculate a hash of a file and "secret" value.最简单的方法是计算文件的 hash 和“秘密”值。 Of course it is hardly tamperproof.当然，它很难防篡改。 But in the end, there's no tamperproof way to prevent a user from manipulating data on his/hers own computer.但最终，没有任何防篡改方法可以防止用户在他/她自己的计算机上操纵数据。 It's only about how hard you want to make it.这只是关于你想做多难。

A better way would be to use a proper certificate for the signature.更好的方法是使用适当的证书进行签名。 The application will know only the public key and will use it to verify a signature created with a private key, which will never leave the development team.应用程序将只知道公钥，并将使用它来验证使用私钥创建的签名，而私钥永远不会离开开发团队。

From a theoretical standpoint, if your program can get hold of the data, then a user with full control of the computer on which the program is running can also get hold of the data if they try hard enough.从理论上讲，如果您的程序可以获取数据，那么完全控制运行该程序的计算机的用户如果足够努力，也可以获取数据。 That means you can make it difficult for them, but you can't make it impossible.这意味着你可以让他们为难，但你不能让他们变得不可能。 So if that's what you're trying to achieve, you need to be quite clear about the limitations of the approach.因此，如果这就是您想要实现的目标，您需要非常清楚该方法的局限性。

How difficult should you make it?你应该让它有多难？ Well, if it's purely a commercial risk, you should make it hard enough that the cost of getting the data is greater than the benefit.好吧，如果这纯粹是一种商业风险，那么你应该让它变得足够困难，以至于获取数据的成本大于收益。 If the risk can't be measured in that way, for example if there are legal requirements for you to protect the data, then that isn't going to be good enough.如果无法以这种方式衡量风险，例如，如果法律要求您保护数据，那么这还不够好。

For some situations, it's probably enough to encrypt the XML file, and bury the decryption key deep within the logic of a compiled program written in a language that doesn't allow easy decompilation.在某些情况下，加密 XML 文件可能就足够了，并将解密密钥深埋在用不允许轻松反编译的语言编写的编译程序的逻辑中。 That's likely to be better than simply burying the XML data within the compiled program, which is what your senior engineer is suggesting.这可能比简单地将 XML 数据埋在编译程序中要好，这是您的高级工程师的建议。 But her suggestion may be OK too.但她的建议也可以。 It really shouldn't be too difficult to change the program logic from reading an external file to reading a string constant within the program.将程序逻辑从读取外部文件更改为读取程序中的字符串常量确实不难。