实用/应用应用安全
好吧,这是我的问题。 我正在开发一个最终将是多层的游戏引擎。 该引擎允许使用 .Net 语言或 Lua(内置脚本引擎)编写游戏。 但为了安全起见,我想阻止人们查看这些文件,当然也阻止他们编辑它们。 我的解决方案是创建一个带有加密标头的虚拟文件系统。 这样就很难发现游戏数据文件的内容,并且如果有人这样做,他们将无法在没有密钥的情况下编辑它们,否则它将无效。
当前游戏的另一个问题是它连接到 SQL 数据以获取某些数据,这意味着数据库连接字符串和密码存储在应用程序内部。
但是,如何处理在 .Net 应用程序中存储密码的问题? 我知道它们可以被反编译,并且将密钥存储在可读的配置文件中是没有意义的,那么大多数专业人士是如何做到的呢?
Alright so here is my issue. I'm working a game engine that will eventually be multilayer. this engine allows games to be written in either a .Net language or Lua (the built in scripting engine). For security however I'd would like to prevent people from viewing these files and of course prevent them from editing them. My solution was to make a Virtual File System with encrypted headers. This way it would be difficult to discover the contents of the game data files, and if somehow someone did, they wouldn't be able to edit them without the key otherwise it would be invalid.
Another issue with the current game is that it connects to a SQL data to get certain data, this means the DB connection string and password is stored inside the application.
However, how do you deal with storing passwords inside a .Net application? I know for a fact that they can be decompiled and it wouldn't make sense to store secret keys inside a readable configuration file so how do most professionals do it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
通常,客户端应用程序不直接连接到数据库。 相反,连接到代表应用程序处理远程调用的服务器。 在这种情况下,唯一需要数据库密码的是服务器。
在现代 .Net 世界中,服务器通常使用 WCF 构建
Typically client applications do not directly connect to the database. Instead the connect to a server which handles the remote calls on behalf of the application. In such a scenario the only thing that needs the password to the database, is the server.
In modern .Net world the server is usually built using WCF