堆栈内存溢出
  简体   繁体   English

安全地使用加密文件

[英]Using an encrypted file securely

 原文  2010-01-10 14:18:55       encryption/ temporary-files/ file-security

问题描述

I'm writing an application with a dBASE database file in Borland Delphi 7. 我正在Borland Delphi 7中使用dBASE数据库文件编写应用程序。

Note: I think this question is file-security related and you can forget the dBASE thing (consider it as a TXT file) in this question. 注意:我认为这个问题与文件安全​​性有关,您可以在此问题中忘记dBASE(将其视为TXT文件)。

The database must be accessed just by the application. 该数据库只能由应用程序访问。 Then it must be encrypted. 然后必须对其进行加密。 Unfortunately dBASE doesn't support any password mechanism and i had to encrypt the file by myself (and i also HAVE to use dBASE) 不幸的是,dBASE不支持任何密码机制,我不得不自己加密文件(而且我也不得不使用dBASE)

What approach do you suggest to secure the database file? 您建议采用哪种方法来保护数据库文件?

The simple one is: 简单的是:

  1. Encrypting the database file and placing it near beside the application EXE file. 加密数据库文件并将其放置在应用程序EXE文件旁边。
  2. When the application runs, it should decrypt the file (with a hard-coded password) and copy the result to a temporary file that has DeleteOnClose and NoSharingPermission flags. 应用程序运行时,应解密文件(使用硬编码密码),然后将结果复制到具有DeleteOnCloseNoSharingPermission标志的临时文件中。
  3. When Closing, application should encrypt the temp dBASE file and replaces the old encrypted file with the new one. 关闭时,应用程序应加密temp dBASE文件,并用新的替换旧的加密文件。

I think this is a fair secure approach. 我认为这是一种公平安全的方法。 But it have two big problems: 但这有两个大问题:

  1. With an undelete tool the user can restore and access to the deleted temp file. 使用撤消删除工具,用户可以还原并访问已删除的临时文件。
  2. Worse: When application is running, if the system rebooted suddenly the DeleteOnClose flag fails and the temp file remains on hard disk and user can access it. 更糟:应用程序运行时,如果系统突然重新启动,则DeleteOnClose标志失败,并且临时文件仍保留在硬盘上,用户可以访问它。

Is there any solution for, at least, the second part? 至少对于第二部分有什么解决方案吗?

Is there any other solution? 还有其他解决方案吗?

2 个解决方案

解决方案1
 1 已采纳  2010-01-11 00:03:40

You could also try to create a TrueCrypt file-based containter, mount it, and then put the dBase file inside the mounted encrypted volume. 您也可以尝试创建一个基于TrueCrypt文件的容器,将其安装,然后将dBase文件放入已安装的加密卷中。 TrueCrypt is free (in both senses) and it's accessible via command line parameters from your application (mount before start, unmount before quit). TrueCrypt是免费的(从两种意义上来说都是免费的),并且可以通过您的应用程序中的命令行参数进行访问(在启动之前安装,在退出之前卸载)。

解决方案2
 0  2010-01-10 23:55:51

Depending on what you're doing with the database, you may be able to get away with just decrypting the records you actually need. 根据您对数据库所做的操作,仅解密实际需要的记录就可以摆脱困境。 For example, you could build indexes based on hash codes (rather than real data); 例如,您可以基于哈希码(而不是真实数据)建立索引; this would reduce seeks into the database to a smaller set of data. 这样可以将对数据库的搜索减少到较小的数据集。 Each record in the subset would have to be decrypted, but this could be a lot better than decrypting the entire database. 子集中的每个记录都必须解密,但这可能比解密整个数据库要好得多。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 是否可以将所有加密设置安全地嵌入加密文件中? - Is it possible to securely embed all encrytion settings on a encrypted file? 使用Cookie将加密的第三方密码安全存储在数据库中 - Using cookies to securely store encrypted third-party passwords in DB 安全地还原ecryptfs加密备份 - securely restoring an ecryptfs encrypted backup 使用自定义URL方案+加密的URL查询字段在两个iOS应用程序之间安全地传输数据 - Securely transfer data between two iOS applications using custom URL scheme + encrypted URL query fields 在Spring中使用加密属性文件 - Using encrypted property file with Spring 使用cer文件加密的Xml - Encrypted Xml using cer file 安全地存储无法加密的凭据 - Securely storing credentials that can't be encrypted 如何读取使用AES算法加密的加密文件并解密? - How to read an encrypted file which was encrypted using AES algorithm and decrypt it? 使用Cipher RSA编写加密的PDF文件 - Writing an encrypted PDF file using Cipher RSA 有没有办法使用 Python 库解密加密文件? - Is there a way to decrypt an encrypted file using Python libraries?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM