How do I encrypt a user's password in Silverlight?
I have a Silverlight 3 app which connects to a server to perform various actions. My users log in using Forms Authentication but the actions they request are run on the server using the AppPool account so when they go in the audit logs they're recorded against the AppPool account. PCI DSS regulations now require that the user's own ID is in the audit logs which means the action must be taken using the user's creds. Now, I can save the user's creds when they log on and submit them with each request and the actions being taken by the server can use those creds. But the PCI regs say that if creds are saved they must be encrypted (to avoid someone taking a memory dump of the PC and getting the password).
The only way I can see of doing this is to get a public key from the server and encrypt the password with it, then submit the encrypted password and decrypt it on the server using the private key. But Silverlight doesn't have asymmetric cryptography.
I guess I'm too close to the problem and there must be another solution but I can't see what it is. Can anyone help?
CLARIFICATIONS
It's an internal application. Up until now, I've been using IIS Forms AuthN over SSL to Active Directory - I'm not worried about protecting the password in transit, just whilst it's held in memory on the client. As I understand it, because I'm using Forms Authentication, impersonation is not possible on the server unless I use LogonUser, which means I need the password on the server, so I need to transmit it each time, so I need to hold it in the client, in memory, until the app closes.
Comments (2)
Are you saying you need to store the password for re-use in the Silverlight app? If you are concerned about the password appearing in memory un-encrypted in Silverlight, then I think you're in trouble.
The .NET framework does have a SecureString class for the exact purpose you outline. Unfortunately the Silverlight version of the framework does not have this class. Hence even if you were to keep the logical storage of the password encrypted, at some point your code would need to decrypt it before using it. At that point there is memory allocated containing the string in unencrypted form.
I don't know much about Forms authentication, but if you can map the user principal to a domain user (which you seem to indicate you need) then you will want to use impersonation when running your code on the server.
Alternatively stop using Forms authentication and use Windows integrated authentication where you definitely can use impersonation server-side.
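The server-side half of the approach this answer (and the question's mention of LogonUser) points at, as an added example that is not code from the question, the answers or any Microsoft sample: the submitted password is kept in a SecureString, copied to unmanaged memory only for the duration of the LogonUser call, zeroed immediately afterwards, and the resulting token is used to impersonate the user so the audited action is recorded against their own account instead of the AppPool identity. It assumes the full .NET Framework on the web server (not Silverlight), a request handler that already has the user name and password in hand, and the domain and user name shown in the usage note are constructed placeholders.

```csharp
// Added example, not from the original Q&A. Assumes full .NET Framework on the
// server (System.Security.Principal, P/Invoke) and that the caller has the
// user's name and a SecureString built from the submitted password.
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Principal;

public static class AuditedImpersonation
{
    const int LOGON32_LOGON_NETWORK = 3;    // no interactive session required
    const int LOGON32_PROVIDER_DEFAULT = 0;

    // CharSet.Unicode binds to LogonUserW; the password is passed as a raw
    // pointer so no managed string copy of the plaintext is created.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string userName, string domain, IntPtr password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool CloseHandle(IntPtr handle);

    // Builds a read-only SecureString from the string that arrived in the
    // request. The original managed string is the caller's responsibility
    // (there is no way to scrub it; keep it out of logs and long-lived fields).
    public static SecureString ToSecureString(string plaintext)
    {
        var secure = new SecureString();
        foreach (char c in plaintext) secure.AppendChar(c);
        secure.MakeReadOnly();
        return secure;
    }

    // Runs `action` under the user's own Windows identity so that whatever it
    // touches (files, SQL via integrated auth, the event log) is audited
    // against that user rather than the AppPool account.
    public static void RunAs(string domain, string userName, SecureString password, Action action)
    {
        IntPtr passwordPtr = IntPtr.Zero;
        IntPtr token = IntPtr.Zero;
        try
        {
            // The plaintext exists in process memory only from this line ...
            passwordPtr = Marshal.SecureStringToGlobalAllocUnicode(password);
            if (!LogonUser(userName, domain, passwordPtr,
                           LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, out token))
            {
                throw new UnauthorizedAccessException(
                    "LogonUser failed, Win32 error " + Marshal.GetLastWin32Error());
            }
        }
        finally
        {
            // ... to here: zero and free the unmanaged copy whether or not logon succeeded.
            if (passwordPtr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(passwordPtr);
        }

        try
        {
            // Dispose() calls Undo(), reverting to the AppPool identity even if action() throws.
            using (WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(token))
            {
                action();
            }
        }
        finally
        {
            CloseHandle(token);
        }
    }
}
```

Usage (with constructed placeholder values): in the request handler, `SecureString pw = AuditedImpersonation.ToSecureString(submittedPassword);` then `AuditedImpersonation.RunAs("EXAMPLE", "alice", pw, () => DoAuditedWork());` and finally `pw.Dispose();`. This does not remove the exposure the answer describes, since LogonUser must see the plaintext, but it confines that exposure to a single unmanaged buffer that is zeroed in a finally block, and a network logon token is enough for local impersonation without granting the worker process an interactive session.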
Encryption should never be used for passwords. When you encrypt something then it follows there should be a way to decrypt it. One-way hashes should always be used for passwords. MD5 and SHA1 have been proven to be far too weak for any security system.
Sha256 should be used, and in silverlight this library will take care of it:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha256%28VS.95%29.aspx
In fact storing passwords using "encryption" is recognized by the vulnerability family CWE-257. The use of a message digest is the ONLY way to safely store passwords. I didn't just make this up, this is coming from NIST. There are many other vulnerabilities that come up when storing passwords. Here is THE LIST that NIST has put together: