在哪里存储应用程序运行所需的敏感信息?
[英]Where to store sensitive information needed for an application to run?
问题描述
I am writing ac# winform desktop application that is in contact with a MYSQL database. 
我正在编写与MYSQL数据库联系的ac#winform桌面应用程序。 Of course I cannot leave the database credentials out in the open hard-coded into the application, so where can I store this information so that a nosey customer will have an extremely tough time locating it? 当然,我不能将数据库凭据公开地硬编码到应用程序中,所以我可以在哪里存储此信息,以便管闲的客户很难找到它?
I understand that if someone is very determined to find this information they will most likely do just that, but I want to be able to hide these credentials from the average Joe, leaving me with some peace of mind at the end of the day. 我知道,如果某个人非常有决心找到这些信息,他们很可能会这样做,但是我希望能够对普通的Joe隐藏这些凭据,让我在一天结束时保持内心的平静。
If your answer is to encrypt the credentials, and hard code the encrypted values into the program, please explain which encryption methods to use. 如果您的答案是对凭据进行加密,并将加密后的值硬编码到程序中,请解释使用哪种加密方法。 Furthermore, where would I store the necessary decryption/encryption keys? 此外,我将在哪里存储必要的解密/加密密钥?
I very much look forward to some interesting responses. 我非常期待一些有趣的回应。
Thank you, 谢谢,
Evan F. 埃文·F。
1 个解决方案
解决方案1
1 已采纳 2011-09-18 02:27:49
http://www.ezzylearning.com/tutorial.aspx?tid=8067328 http://www.ezzylearning.com/tutorial.aspx?tid=8067328
Store it in App.Config File. 将其存储在App.Config文件中。
Check out above tutorial. 查看上面的教程。
You can also check this good article by Microsoft which teach you how to encrypt and retrieve. 您也可以查看Microsoft撰写的这篇不错的文章,教您如何进行加密和检索。
http://msdn.microsoft.com/en-us/library/ms254494.aspx http://msdn.microsoft.com/en-us/library/ms254494.aspx
One of Previous Posts 以前的帖子之一
if you have installed Microsoft Enterprise Library, you can easily encrypt/decrypt using its tool as mentioned in this link 如果您已经安装了Microsoft Enterprise Library,则可以使用此链接中提到的工具轻松加密/解密
http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx http://davidhayden.com/blog/dave/archive/2006/01/23/2744.aspx
http://davidhayden.com/blog/dave/archive/2006/03/02/2870.aspx http://davidhayden.com/blog/dave/archive/2006/03/02/2870.aspx
Also, after the installation, open the project in studio and right click on the web.config or app.config and you will see the option for the configuration though Enterprise Library. 同样,在安装后,在studio中打开项目,然后右键单击web.config或app.config,您将通过企业库看到用于配置的选项。 This option is available in Visual Studio 2005 but I cannot see this in Visual Studio 2008 yet. 该选项在Visual Studio 2005中可用,但是我在Visual Studio 2008中还看不到。 Not sure whether its not compatible with 2008 or I have to follow some installation sequences. 不知道它是否与2008不兼容,或者我必须遵循一些安装顺序。 I will let you guys know if I come across with any solutions. 如果有任何解决方案,我会告诉大家。
This is the link which explains how to work with encryption within studio http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx . 这是说明如何在Studio http://www.pnpguidance.net/Post/EnterpriseLibrary3VisualStudioIntegratedConfigurationEditor.aspx中使用加密的链接。 Read, read & read... 阅读,阅读和阅读...
Keep in mind that once you open the .config file you have luxuary of ecrypting each pieces/blocks seperately. 请记住,一旦打开.config文件,您就可以分别加密每个块。 Thats the beatuy of it. 就是这样。
For your information I am using Enterprise Library 3.1 which is the latest version and has tonnes of tools that makes your life a breeze. 供您参考,我使用的是Enterprise Library 3.1,它是最新版本,并提供大量工具,使您的生活轻而易举。 You can download this library at http://msdn2.microsoft.com/en-us/library/aa480453.aspx . 您可以从http://msdn2.microsoft.com/zh-cn/library/aa480453.aspx下载此库。 Also, look forward for 4.0 at http://www.codeplex.com/entlib 另外,请访问http://www.codeplex.com/entlib以获得4.0版本
Bottom line you can search google along these lines and I am sure it will give you the whole process. 最重要的是,您可以按照以下方式搜索google,我相信它将为您提供整个过程。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.