简体繁体 English

C＃mysql连接实践

[英]C# mysql connection practices

原文 2010-01-16 04:25:53 4 3 c#/ mysql/ security

If a C# application connects to a mysql server from a client, how do I store the mysql username/password for the connection? 如果C＃应用程序从客户端连接到mysql服务器，如何存储连接的mysql用户名/密码？ If I have it in a config file or embedded in the source it can be found by reverse engineering. 如果我将它放在配置文件中或嵌入源中，可以通过逆向工程找到它。 It is not possible to give all users a MySql password. 无法为所有用户提供MySql密码。

Also, I have a log in for the application. 另外，我有一个登录应用程序。 How do I enforce that the user goes through the login process and does not just reverse engineer and comment out the C# code verifying the log in? 如何强制用户完成登录过程，而不仅仅是反向工程和注释掉验证登录的C＃代码？

Is there anyway manage these connections between MySql and a client side application or must there be a third program on the server side interacting with the database locally to be secure? 无论如何管理MySql和客户端应用程序之间的这些连接还是必须在服务器端有第三个程序在本地与数据库交互以保证安全？

3 个解决方案

Perhaps you can have a two-stage system: Have a SQL account whose only permission is to execute a stored procedure taking the user's username and password and giving them the credentials to use for the real account. 也许您可以拥有一个两阶段系统：拥有一个SQL帐户，其唯一权限是执行存储过程，获取用户的用户名和密码，并为其提供用于真实帐户的凭据。 When the user logs in, you connect using the restricted account, get the credentials for the real account, and then do your work using that account. 当用户登录时，您使用受限帐户进行连接，获取真实帐户的凭据，然后使用该帐户进行工作。 You can change the SQL password fairly frequently, too. 您也可以相当频繁地更改SQL密码。 If you suspect a user of foul play, have the procedure return them a different set of credentials, and track those credentials. 如果您怀疑用户犯规，请让程序返回一组不同的凭据，并跟踪这些凭据。

For Winform clients that connect directly to the db this is an age old (10 years or so?) question that may never be solved. 对于直接连接到db的Winform客户端，这是一个可能永远无法解决的古老问题（10年左右？）。

The problem is that no matter how you encrypt or obfuscate the connection string there will always be a point in time at which the string will be represented as plain text in the client computer's memory and therefore hackable. 问题是无论你如何加密或混淆连接字符串，总会有一个时间点，字符串将在客户端计算机的内存中表示为纯文本，因此是可以破解的。

You have been recommended options by other SOers, i just thought i'd point out what you're trying to work around. 您已被其他SOers推荐选项，我只是想我会指出您正在尝试解决的问题。

Here is the problem. 这是问题所在。 You are trusting the end user with the binaries which will call MySQL queries. 您信任最终用户的二进制文件将调用MySQL查询。 This means, beyond any shadow of a doubt, that a clever user could "take control" and run queries directly. 这意味着，除了任何疑问之外，聪明的用户可以“控制”并直接运行查询。

There are things you can do to improve the situation. 你可以采取一些措施来改善这种状况。 It sounds like you are on a LAN. 听起来你在局域网上。 Why can't you give each user their own database user? 为什么不能给每个用户自己的数据库用户？ That means that the authentication is (a) taken care of for you, and (b) you can use "real" MySQL permissions to limit what harm they can do. 这意味着身份验证是（a）为您照顾，并且（b）您可以使用“真正的”MySQL权限来限制他们可以做的伤害。 Also, you could use stored procedures and give them only access to the procs, really limiting what they can do. 此外，您可以使用存储过程并只允许它们访问过程，这实际上限制了它们可以执行的操作。

You could also consider re-writing as a web-application where you process everything on the server out of their reach. 您还可以考虑重写为Web应用程序，您可以在其中处理服务器上的所有内容。

However, is there really a problem here, or are you just being theoretical? 但是，这里真的有问题，还是你只是在理论上？