在 C# 中通过 Internet 安全可靠地进行更新

发布于 2024-08-07 01:21:16 字数 49 浏览 5 评论 0原文

什么是最安全和最安全的方法来允许软件自动更新而不打开太多漏洞使黑客能够轻松访问系统?

What would be the Most secure and Safe way to allow software to auto-update without opening too many holes to enable a hacker easy access to a system?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

不交电费瞎发啥光 2024-08-14 01:21:16

我建议不要构建您自己的自动更新,如果它适合您,请使用 ClickOnce,如果不适合,请使用商业自动更新组件。

如果您想了解其中涉及的内容,我不久前在我的博客上写了一系列有关编写自动更新组件的文章,包含该系列中所有帖子链接的最后一篇文章位于:http://www.nbdtech .com/blog/archive/2007/08/07/How-To-Write-an-Automatic-Update-System-Part-8.aspx

I recommend not building your own auto-update, use ClickOnce if it works for you or a commercial auto-update component if not.

If you want to see what is involved I wrote a series about writing an auto-update component on my blog some time ago, the last post with links to all the posts in the series is at: http://www.nbdtech.com/blog/archive/2007/08/07/How-To-Write-an-Automatic-Update-System-Part-8.aspx

穿透光 2024-08-14 01:21:16

如果您要创建自己的系统,那么您可能需要一个公钥/私钥对。

因此,您将压缩更新。

然后用服务器上的私钥进行加密。

然后客户端可以解密并解压它,然后安装它。

这样,只要您的私钥是安全的,就可以确保更新是合法的。

这里唯一的弱点是,如果有人将公钥更改为其他密钥,那么他们可能会欺骗该程序,使其认为木马是有效的更新。

您可以使用多种方案来解决这个问题,但这取决于您想要投入多少工作。

If you are going to make your own system then you will probably want to have a public/private key pair.

So, you would zip up the update.

Then encrypt with the private key on the server.

The client can then decrypt and unzip it, and then install it.

That way, as long as your private key is secure then you can ensure that the update is legit.

The only weakness here is that if someone changed the public key to some other key, then they could fool that program into thinking that a trojan is a valid update.

There are various schemes you can use to get around this, but that would depend on how much work you want to put into this.

醉态萌生 2024-08-14 01:21:16

ClickOnce 自动更新是公平且良好的,但任何人都可以承认它不是最时尚的解决方案。我最近开发了一个需要这种自动更新功能的解决方案。以下是我部署自己的更新服务所采取的简要步骤列表,该服务还允许使用“最少”的专业知识进行回滚。

  1. 将安装项目添加到解决方案中,以便该项目可以整齐地打包在 .exe 或 .msi 安装程序包中。

  2. 以下是使用只有您的应用程序知道的所需用户凭据来设置 FTP 服务器。在 ftp 服务器上,设置一个默认目录,用于放置任何新更新。

  3. 您的应用程序将在启动时检查互联网连接,登录到您的远程 FTP 服务器并检查是否有任何要下载的新文件。

    您的应用程序将在启动

  4. 将新更新下载到您的客户端应用程序,并将其放入以日期时间命名的文件夹中以供将来参考。需要进行一些检查,以确保您不会下载相同的旧文件。

  5. 关闭应用程序并运行新安装。根据您设置安装项目的方式,安装向导可能会完全删除以前的版本或仅更新部分(补丁等)。

  6. 您的应用程序可能具有通过进入本地更新目录并找出以前下载的文件来回滚到以前版本的功能。这是带有日期时间戳的文件可以派上用场以供参考的地方。

该解决方案提供了我认为大多数企业解决方案都需要的定制级别,并且我发现它对我来说非常有效。就文件下载而言,FTP 服务器是安全可靠的。您可以在互联网上找到很多 FTP 下载帮助程序库,因此只需按照您想要的方式工作即可,而不必太担心它是如何工作的。

ClickOnce auto update is all fair and well but anyone can admit that it is not the most of fashionable solution. I've recently developed a solution that requires such an auto-update feature. Here is a list of brief steps I took to deploying my very own updating service that also allows for roll-backs with 'minimal' know-how.

  1. Add a Setup project to the solution so that the project could be wrapped up neatly in a .exe or .msi installer package.

  2. The following is to setup a FTP server with your desired user credential that only your application knows. On the ftp server, setup a default directory for where you will put any new updates.

  3. Your application will check for internet connection on start-up, log into your remote FTP server and check for any new files to download.

  4. Download new updates to your client application and put them in a date-time named folder for future reference. Some checks need to be in place to make sure that you don't download the same old files.

  5. Close the application and run the new installation. Depending on how you setup your Setup project, the installation wizard may remove the previous version completely or just update partial (patches, etc.).

  6. Your application may have a feature to roll-back to previous version by going into the local update directory and fish out the previously downloaded files. This is where the date-time stamped files come in handy for reference.

This solution offers a level of customization that I think most Enterprise solutions will need and I found that it works very effectively for me. FTP servers are secure and reliable as far as file downloads are involved. You can find a lot of FTP download helper library on the internet so its a matter of making work the way you want and not worry too much about how it works.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文