确保多用户应用程序中用户之间安全的方法
我正在编写一个多用户应用程序(.NET - C#),其中每个用户的数据与其他用户分开,并且用户之间没有公共数据。确保任何用户都无法访问其他用户的数据至关重要。
有哪些方法可以在数据库级别和/或应用程序架构中实现安全性来实现这一目标?例如(这完全是编造的 - 我并不是说这是一个好或坏的方法)在所有数据表中包含 userID 列可能是一种方法。
我正在使用 C# (asp.net) 和 SQL Server 2008 开发该应用程序。我正在寻找我正在使用的工具中固有的选项或通用模式。
I'm writing a multiuser application (.NET - C#) in which each user's data is separated from the others and there is no data that's common between users. It's critical to ensure that no user has access to another user's data.
What are some approaches for implementing security at the database level and/or in the application architecture to to accomplish this? For example (and this is totally made up - I'm not suggesting it's a good or bad approach) including a userID column in all data tables might be an approach.
I'm developing the app in C# (asp.net) and SQL Server 2008. I'm looking for options that are are either native in the tools I'm using or general patterns.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我相信通过用户 ID 将数据与用户关联是最常见的方法。
另一种方法是加密。
每个用户都可以拥有一些秘密密钥、实际的数字密钥或者可能只是一个密码,并且他们的所有数据都可以使用他们的秘密密钥进行加密,以便其他用户无法访问它。您仍然需要将数据与用户 ID 关联起来以进行查询等。
I believe associating data with a user via a user id is the most common approach.
Another approach is encryption.
Each user could have some secret key, an actual digital key or maybe just a password, and all their data could be encrypted with their secret key so that other users wouldn't be able to access it. You would still need to associate data with user ids for querying etc.
你可以这样做
1. 创建 dbo.users 表并具有以下列,请注意,
一旦您的用户针对此表进行身份验证,这并不完整,然后您只需使用 ppid 返回并输入和更新与该用户相关的任何数据
You could do this
1. Create a dbo.users table and have following columns, note this is not complete
once your user authenticates against this table then you just use the ppid to return and enter and update any data related to that user
如果它适用于您的问题(我不知道),为什么不使用适合您的问题的任何类型的访问方法(谁可以访问哪个文件,并且具有读取、写入和删除的权限)?例如:
(MAC)
如果适合您的问题,您可以阅读并选择其中之一。
why not using any kind of access methods (who can access which file, and has the rights of read, write and delete) that fits your problem if it works with your problem (i have no idea)? For example:
(MAC)
you can read and select one of them if it fits your problem.