简体繁体 English

加密表单应用程序的连接字符串

[英]Encrypting Connection string for a forms Application

原文 2013-01-18 13:49:06 2 2 c#/ winforms/ app-config

I have created a forms application for my project. 我已经为我的项目创建了一个表单应用程序。 I want to host on my website for users to download and test it. 我想在我的网站上托管供用户下载和测试。 Because I am using a configuration manager I have to include the config file along with the .exe as there is a back end remote database for the application. 因为我使用的是配置管理器，所以必须包含配置文件以及.exe，因为该应用程序有一个后端远程数据库。 And of course I only now realize my connection string is there for all to see. 当然，我现在才意识到我的连接字符串在那里有目共睹。 I tried renaming the app.config to web.config, but the aspnet_regiis -pef command just returns a help menu when ran as admin on my vista machine! 我尝试将app.config重命名为web.config，但是当在我的Vista机器上以管理员身份运行时，aspnet_regiis -pef命令仅返回帮助菜单！ Even if this command works and I rename web.config back to app.config, will the machine which runs the app when downloaded automatically decrypt the connection string? 即使此命令有效并且我将web.config重命名为app.config，下载后运行该应用程序的计算机也会自动解密连接字符串吗？ So in conclusion what is the best way for a novice like to approach this dilemma? 因此，总而言之，对于新手来说，解决这种困境的最佳方法是什么？ Why does aspnet_regiis -pef not run? 为什么aspnet_regiis -pef无法运行？ I have also looked at other posts about this topic but unfortunately they have not worked for me so far. 我也查看了有关该主题的其他帖子，但不幸的是，到目前为止，它们对我没有用。

2 个解决方案

Either create user/specific connection string, or wrap all your data access in some web services, where you can control the autorization. 创建用户/特定的连接字符串，或者将所有数据访问包装在某些Web服务中，您可以在其中控制授权。

Creating user specific connection string is the simplest, but may have impact on the DB charge. 创建用户特定的连接字符串是最简单的，但是可能会影响数据库费用。 You can still keep one connection string, but using windows identity to connect. 您仍然可以保留一个连接字符串，但是使用Windows身份进行连接。 In both case, you will have to spent some effort to ensure users won't able to do more than what they are allowed to do. 在这两种情况下，您都必须花费一些精力来确保用户不能做的事情超出允许的范围。

Wrapping your data access in web services is far more manageable but will require an extra work to make it works. 将数据访问包装在Web服务中要容易得多，但是要使其正常工作，还需要进行额外的工作。 Maybe you can take a look at RIA Services . 也许您可以看看RIA服务。 The advantages are multiples: you can control the permissions within the web services, and you are reducing the exposure of unwanted queries. 优点是多方面的：您可以控制Web服务中的权限，并且可以减少不必要查询的暴露。

Please also note that even if you encrypt the connection string in the configuration file, any malicious user will be able to decrypt it. 另请注意，即使您在配置文件中加密了连接字符串，任何恶意用户也将能够对其解密。 A simple decompiler will highlight your decryption key. 一个简单的反编译器将突出显示您的解密密钥。

You could just store an encrypt the connection string in the app.config but you will have to include the encryption key somewhere in the application. 您可以只将加密的连接字符串存储在app.config中，但必须在应用程序中的某个位置包含加密密钥。 Therefore this is not safe because everyone can just decompile the application or attach a debugger and extract the connection string. 因此，这是不安全的，因为每个人都可以反编译应用程序或附加调试器并提取连接字符串。 Or monitor the network traffic. 或监视网络流量。 Actually there is now way you can prevent this from happening - whatever your application can do can be done manually by everyone (with access to the application). 实际上，现在有一种方法可以防止这种情况的发生-您的应用程序可以执行的任何操作都可以由所有人（可以访问该应用程序）手动完成。

The flaw in the design is that the application needs direct access to the database in the first place. 设计中的缺陷在于，应用程序首先需要直接访问数据库。 It is close to impossible to ensure that the database can not be corrupted in this scenario (unless the database is only used for reading data). 确保在这种情况下不会损坏数据库几乎是不可能的（除非数据库仅用于读取数据）。 Essentially you would have to replicate a large portion of your business logic at the database server to ensure that no sequence of requests will corrupt the state. 本质上，您将必须在数据库服务器上复制大部分业务逻辑，以确保没有请求序列会破坏状态。

A better solution would be accessing the database only indirectly through a web service. 更好的解决方案是仅通过Web服务间接访问数据库。 This allows you to perform better and easier to implement server-side validation and even authentication and authorization per user. 这使您可以更好，更轻松地实现服务器端验证，甚至每个用户的身份验证和授权。