How not to hardcode a password?
In my last question "Portable database for storing secrets" the best answer so far says to use sqlite-crypt.
Reading the sqlite-crypt docs, the new parameter for opening the database is the pass-phrase. Of course, I don't want to hardcode the password, so I was wondering: what is the best, simple and fast method to store that password?
4 answers
Some options.
Ask the user for a passkey (aka they memorize one password to get to all their passwords) (good idea)
Create a key on the first startup of the app, which is then hashed in your own unique way (bad idea)
Use a mixture of the above, aka give users the option of one or two ("remember my password" checkbox)
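The first option above, worked through as an added example (this is not code from the answer or from sqlite-crypt): the sqlite-crypt pass-phrase is derived with PBKDF2 from a master password the user types, so nothing in the source or on disk is the key. The only thing written beside the database is a small "keyfile" holding a random salt, the iteration count and an HMAC verifier tag, which lets the program tell a mistyped master password from a corrupt database without storing anything the key can be recovered from. The file layout, the `VERIFIER_LABEL` constant and the iteration count are assumptions chosen for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed parameters for this example (not from the original answer).
SALT_LEN = 16
KEY_LEN = 32
PBKDF2_ITERATIONS = 600_000
VERIFIER_LABEL = b"sqlite-crypt-verifier"


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the memorized master password into a fixed-length key."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=KEY_LEN)


def verifier_tag(key: bytes, salt: bytes) -> bytes:
    """HMAC of a fixed label under the derived key.

    Stored in the keyfile so a wrong password is detected early; without the
    key the tag is just random-looking bytes, so storing it leaks nothing.
    """
    return hmac.new(key, VERIFIER_LABEL + salt, hashlib.sha256).digest()


def new_keyfile(master_password: str, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """First run: random salt + iteration count + verifier tag. No key material."""
    salt = secrets.token_bytes(SALT_LEN)
    key = derive_key(master_password, salt, iterations)
    return salt + iterations.to_bytes(4, "big") + verifier_tag(key, salt)


def unlock(master_password: str, keyfile: bytes) -> Optional[str]:
    """Return the pass-phrase to hand to sqlite-crypt, or None on a wrong password."""
    salt = keyfile[:SALT_LEN]
    iterations = int.from_bytes(keyfile[SALT_LEN:SALT_LEN + 4], "big")
    tag = keyfile[SALT_LEN + 4:]
    key = derive_key(master_password, salt, iterations)
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(verifier_tag(key, salt), tag):
        return None
    return key.hex()  # hex so it is a plain string for the database open call


if __name__ == "__main__":
    import getpass
    import os

    KEYFILE = "secrets.keyfile"  # assumed path, beside the database
    if not os.path.exists(KEYFILE):
        with open(KEYFILE, "wb") as f:
            f.write(new_keyfile(getpass.getpass("Choose a master password: ")))
    with open(KEYFILE, "rb") as f:
        passphrase = unlock(getpass.getpass("Master password: "), f.read())
    print("unlocked" if passphrase else "wrong master password")
```

Because the keyfile contains only public parameters, losing it costs the salt and verifier, not the secrets; and because the pass-phrase exists only in memory after `unlock`, the "bad idea" in the answer (a key created on first start and stored next to the data) is exactly what this avoids.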
You pretty well have to store it in a user.
Otherwise you're just substituting some other security mechanism for the one you're asking about...
David's point in the comment on Infamy's answer is well taken. One should allow some flexibility, in case the user is handling protection at a lower layer... So, go vote for Infamy.
Hardcoding is inevitable at some point, unless the password is only ever used interactively.
The best thing you can do in a password-in-file situation is make it damn hard to access it in the first place, and then limit what can be done with it if someone does find it. A rule of thumb is that you shouldn't give more privileges to a password stored in a string than one that you have to type at a prompt.
On Windows you could/should use the DPAPI, the Data Protection API that provides storage encryption.
It's there just for this type of problem.
Encryption of the storage is based on either:
There is a dnrTV show with Karl Franklin showing exactly what's needed to implement this, and other encryption functions.
The source code from the show is also available on the page.
There are, of course, lots of other articles on that subject.
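What calling DPAPI for this problem looks like, as an added example (this is not the code from the dnrTV show, and it is not a sqlite-crypt API): the pass-phrase is passed through `CryptProtectData` before it is written to disk and through `CryptUnprotectData` when the database is opened, so the file holds a blob that only the same Windows user (or, with the machine flag, the same machine) can decrypt. The example assumes Windows with CPython's `ctypes`; the file path, description string and "optional entropy" value are constructed for illustration. The caveat that goes with answer 3's rule of thumb still applies: user-scope DPAPI stops the blob being useful when the file is copied elsewhere, but any code running under that user account can decrypt it.

```python
import ctypes
import sys

# Added example, not the dnrTV show's code. Assumes Windows + CPython ctypes.
DPAPI_AVAILABLE = sys.platform == "win32"

CRYPTPROTECT_UI_FORBIDDEN = 0x01    # never raise a UI prompt (services, batch jobs)
CRYPTPROTECT_LOCAL_MACHINE = 0x04   # any account on this machine may decrypt

if DPAPI_AVAILABLE:
    _crypt32 = ctypes.WinDLL("crypt32", use_last_error=True)
    _kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)


class DATA_BLOB(ctypes.Structure):
    """DATA_BLOB from wincrypt.h: byte count plus pointer."""
    _fields_ = [("cbData", ctypes.c_uint32),
                ("pbData", ctypes.POINTER(ctypes.c_char))]


def _blob(data: bytes):
    """Wrap bytes in a DATA_BLOB; also return the buffer so it stays alive."""
    buf = ctypes.create_string_buffer(data, len(data))
    return DATA_BLOB(len(data), ctypes.cast(buf, ctypes.POINTER(ctypes.c_char))), buf


def _take(blob: DATA_BLOB) -> bytes:
    """Copy a DPAPI-allocated output blob and release it with LocalFree."""
    try:
        return ctypes.string_at(blob.pbData, blob.cbData)
    finally:
        _kernel32.LocalFree(blob.pbData)


def dpapi_protect(secret: bytes, entropy: bytes = b"", machine_scope: bool = False) -> bytes:
    """Encrypt `secret` for the current user (or machine) and return the blob."""
    if not DPAPI_AVAILABLE:
        raise OSError("DPAPI is only available on Windows")
    data_in, _keep_in = _blob(secret)
    ent, _keep_ent = _blob(entropy) if entropy else (None, None)
    out = DATA_BLOB()
    flags = CRYPTPROTECT_UI_FORBIDDEN | (CRYPTPROTECT_LOCAL_MACHINE if machine_scope else 0)
    ok = _crypt32.CryptProtectData(
        ctypes.byref(data_in), "sqlite-crypt pass-phrase",  # description string, assumed
        ctypes.byref(ent) if ent is not None else None, None, None, flags, ctypes.byref(out))
    if not ok:
        raise ctypes.WinError(ctypes.get_last_error())
    return _take(out)


def dpapi_unprotect(blob: bytes, entropy: bytes = b"") -> bytes:
    """Decrypt a blob produced by dpapi_protect; the scope is recorded in the blob."""
    if not DPAPI_AVAILABLE:
        raise OSError("DPAPI is only available on Windows")
    data_in, _keep_in = _blob(blob)
    ent, _keep_ent = _blob(entropy) if entropy else (None, None)
    out = DATA_BLOB()
    ok = _crypt32.CryptUnprotectData(
        ctypes.byref(data_in), None, ctypes.byref(ent) if ent is not None else None,
        None, None, CRYPTPROTECT_UI_FORBIDDEN, ctypes.byref(out))
    if not ok:
        raise ctypes.WinError(ctypes.get_last_error())
    return _take(out)


def save_passphrase(path: str, passphrase: str, entropy: bytes = b"") -> None:
    """Store the pass-phrase DPAPI-protected instead of in clear text or source."""
    with open(path, "wb") as f:
        f.write(dpapi_protect(passphrase.encode("utf-8"), entropy))


def load_passphrase(path: str, entropy: bytes = b"") -> str:
    with open(path, "rb") as f:
        return dpapi_unprotect(f.read(), entropy).decode("utf-8")


def dpapi_self_test() -> bool:
    """Round-trip on Windows; elsewhere confirm the platform guard fires."""
    if not DPAPI_AVAILABLE:
        try:
            dpapi_protect(b"x")
        except OSError:
            return True
        return False
    secret = b"constructed pass-phrase"      # constructed sample value
    blob = dpapi_protect(secret, entropy=b"app-specific-entropy")
    return blob != secret and dpapi_unprotect(blob, entropy=b"app-specific-entropy") == secret
```

The optional entropy is an application-chosen value mixed into the key; it does not make the blob a secret on its own, but it keeps another program running as the same user from decrypting the blob by calling DPAPI blindly. `CRYPTPROTECT_UI_FORBIDDEN` matters for anything that runs unattended, since DPAPI may otherwise try to show a prompt and fail.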