堆栈内存溢出
  简体   繁体   English

Powershell运行空间/会话的安全性如何

[英]How secure is a powershell runspace/session

 原文  2011-11-30 14:19:43       powershell

问题描述

If i create a powershell runspace, either programatically with .NET or just by launching the powershell console; 如果我创建Powershell运行空间,则可以通过.NET编程或仅通过启动Powershell控制台来创建; How secure are the scripts/commands that are run? 运行的脚本/命令的安全性如何?

I'm not speaking about signing scripts, but the actually memory space that the scripts are run in. 我不是在谈论签名脚本,而是在运行脚本的实际内存空间。
I'm worried that if sensitive information is gathered as part of the script (a sql query into a salary database for example) that someone could hack this data out. 我担心如果敏感信息作为脚本的一部分(例如,向薪资数据库进行sql查询)而被收集,则有人可能会窃取该数据。

I know most people are thinking SecureString at this point, i know about SecureString.... I'm wanting to know specifically about the powershell runspace, not how to store strings securely inside a runspace (lets hope that last sentence didn't just answer my own question). 我知道大多数人此时都在考虑SecureString ,我知道SecureString...。我想专门了解Powershell运行空间,而不是如何在运行空间内安全地存储字符串(希望最后一句话不只是回答我自己的问题)。

Specifically : Are other applications/scripts/whatever able to peer into the runspace and see the commands i'm running? 特别是其他应用程序/脚本/其他工具是否能够查看运行空间并查看我正在运行的命令?

1 个解决方案

解决方案1
 0  2011-11-30 17:11:01

Powershell script security works by controlling whether or not a script is "allowed" to run on your machine. Powershell脚本安全性通过控制是否“允许”在计算机上运行脚本来起作用。 If you have a machine running an execution policy of "AllSigned", that machine will require the Powershell script to be signed by a trusted certificate. 如果您的计算机运行的执行策略为“ AllSigned”,则该计算机将要求Powershell脚本由受信任的证书签名。

Scott Hanselman has a really good article on it here . 斯科特·汉塞尔曼(Scott Hanselman)在这里有一篇非常好的文章。

To my knowledge, your command history isn't permanently saved. 据我所知,您的命令历史记录不会永久保存。 You can do a "get-history" to see the commands you've entered in your current session, but it's not like linux/unix where "history" will contain all of the commands you've ever run on the system. 您可以执行“ get-history”来查看您在当前会话中输入的命令,但这与linux / unix不同,“ history”将包含您曾经在系统上运行的所有命令。 As far as other applications being able to "peer into" or query your session, I have no idea. 至于其他应用程序能够“窥见”或查询您的会话,我也不知道。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Powershell:在运行空间会话中创建文件 - Powershell: Create file in runspace session 如何在PowerShell中使用运行空间建立和进入远程会话 - how to establish and enter a remote session using runspace in powershell 创建RunSpace时如何使用PowerShell 2或3? - How to PowerShell 2 or 3 when creating RunSpace? 如何在C#中获取Powershell运行空间状态 - How to get powershell runspace status in c# 如何在不同的运行空间中运行功能,PowerShell - How to run function in different runspace, PowerShell 如何通过引用 Powershell 作业或运行空间传递变量? - How to pass variable by reference to Powershell job or runspace? 如何为PowerShell提供C#RunSpace? - How to provide C# RunSpace for PowerShell? PowerShell - 如何在运行空间中导入模块 - PowerShell - How to Import-Module in a Runspace 在远程powershell会话c#运行空间期间复制文件 - Copy file during remote powershell session c# runspace Powershell /线程中的运行空间 - powershell / runspace in a thread
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM