使用安全字符串并保证其安全
因此.NET框架提供了 SecureString 类来存储以安全的方式字符串。 但要读取信息并使用它,您必须将其返回为标准字符串。 请参阅此实现示例。
正如您从使用指针的示例中看到的,我们返回一个未加密的字符串。 我们现在如何管理字符串的“不安全”实例? 设置该值后,最安全的处理方式是什么?
编辑
这个问题的目的是讨论在使用 SecureStrings 然后使用这些值时减少潜在攻击的表面积的方法。 不是“重复”链接的“原因”。
So the .NET framework provides the SecureString class for storing strings in a secure fashion. But to read the information and work with it you have to return it to a standard string. See this implementation example.
As you can see from the example using the pointer we return an unencrypted string. How to do we now manage that "insecure" instance of the string? What is the most secure way to work with the value once it has been set?
Edit
The purpose of this question was to discuss methods to REDUCE the surface area of potential attack when using SecureStrings and then working with the values. Not the "why" as to the "duplicate" link.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在放置
SecureString
的内容时 回到String
< /a>,您重新引入使用此处列出的字符串的问题:http://blogs.msdn.com/shawnfa/archive/2004/05/27/143254.aspx
使用
SecureString
,提供了一些选项来编组内容到非托管内存中,以便您可以访问数据,然后在使用完数据后处置数据。这些是托管代码所没有的选项。 在使用非托管字节时,您可以将内存清零,确保它不会分页到磁盘等,这正是您想要减少攻击面的方法。
这里的关键是不创建另一个
String
实例,并以一种在处理这些数据时更容易管理安全性的方式处理数据(不幸的是,这是不受管理的)现在就写代码)。In placing the contents of a
SecureString
back into aString
, you reintroduce the problems of using strings that are listed out here:http://blogs.msdn.com/shawnfa/archive/2004/05/27/143254.aspx
With
SecureString
, there are options that are provided to marshal the contents into unmanaged memory so you can access the data and then dispose of the data when done with it.These are options you just don't have with managed code. In working with unmanaged bytes, you can zero out the memory, make sure it's not paged to disk, etc, etc, which is exactly what you want to do to reduce the attack surface here.
The key here is to not make another instance of
String
and work with the data in a way where security is easier to manage when dealing with this data (which unfortunately, is unmanaged code right now).