在源代码中保护密码?
我的代码中有一个密码,需要连接到 sftp 服务器。 “混淆”或隐藏在代码中的最佳方法是什么?
谢谢
I have a password in my code which is needed to connect to a sftp server. Whats the best way to "obfuscate" or hide it in the code?
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(11)
不要将密码存储在源代码中,而是将其存储在 App.Config(或 Web.Config)内的受保护部分中。
请参阅此Microsoft Doc
这通过使用内置 Windows 内容加密加密密钥来工作,锁定到 MAC 地址 以及各种其他未记录的内容。
如果您使用多个服务器,这甚至可以工作:
使用此功能,如果有人想要获取您的密码,他们必须首先破坏您服务器上的 Windows 安全性(并非不可能,但比迄今为止查找您的 IL 中的密码更困难)。
Don't store you password in your source code, store it in a protected section within you App.Config (or Web.Config).
See Encrypting Configuration File Sections Using Protected Configuration section in this Microsoft Doc
This works by encrypting the encryption keys using built-in Windows stuff, locked to the MAC address and various other undocumented things.
This will even work if you are using more than one server:
Using this, if someone wanted to get your password, they would have to first break the Windows security on your server (not impossible, but harder than looking into your IL for the password by far).
实际上,我认为在 App.Config 或 Web.Config 中使用“受保护的部分”功能比在代码中存储密码安全性更低。
具有服务器访问权限的任何人都可以解密配置的该部分,就像通过运行每个人都引用的文章中描述的解密命令来加密它一样快:
https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx#Anchor_1
因此 ASP.Net 的此功能仅增加了安全性黑客以某种方式访问了您的 web.config 但无法访问您的整个服务器的情况(发生在 2010,如 Oracle 填充攻击评论中提到的 @djteller)。但如果他们确实具有服务器访问权限,您就会暴露在一次 cmd 调用中。他们甚至不必安装 ildasm.exe。
然而,在代码中存储实际密码是维护的噩梦。因此,我见过的一件事是在 web.config 中存储加密密码,并将加密密钥存储在代码中。这实现了隐藏密码以防止随意浏览的目标,同时仍然可维护。
在这种情况下,黑客至少必须反编译您的代码,找到您的密钥,然后找出您正在使用的加密算法。并非不可能,但肯定比运行“aspnet_regiis -pd...”更难。
与此同时,我也在寻找这个六年前问题的更好答案......
I actually consider using the "protected sections" feature in App.Config or Web.Config to be LESS secure than storing the password in your code.
Anyone with server access can decrypt that section of the config just as quick as you encrypted it by running the decrypt command described in the article everyone keeps quoting:
https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx#Anchor_1
So this feature of ASP.Net only adds security in the case that a hacker somehow had access to your web.config but not your entire server (happened in 2010 as @djteller mentioned in the oracle padding attack comment). But if they do have server access, you're exposed in one cmd call. They don't even have to install ildasm.exe.
However, storing actual passwords in your code is a maintenance nightmare. So one thing I've seen done is storing an encrypted password in your web.config and storing the encryption key in your code. This accomplishes the goal of hiding passwords from casual browsing while still being maintainable.
In this case a hacker has to at least decompile your code, find your key, and then figure out what encryption algorithm you're using. Not impossible, but certainly harder than running "aspnet_regiis -pd...".
Meanwhile I am also looking for better answers to this six year old question...
别打扰。
你能做的任何事情,你的攻击者都可以轻易撤销。
但是,如果它只需要在一台计算机上运行,则可以使用
ProtectedData类,它将安全地保护它免受任何不在该计算机和/或用户的攻击。一般来说,唯一的远程安全方法是将密钥存储在单独的安全位置。
例如,您可以使用密码的(非 MD5)哈希对其进行加密,然后要求用户输入密码,以便您可以获得哈希。 (哈希值和密码本身不会存储在任何地方;您应该创建一个单独的哈希值来验证密码)
Don't bother.
Anything you can do, your attacker can trivially undo.
If it only needs to run on a single machine, however, you can use the
ProtectedDataclass, which will protect it securely against anyone not on that machine and/or user.In general, the only remotely secure way to do this is to store the key in a separate, secure, location.
For example, you can encrypt it using a (non-MD5) hash of a password, then require the user to enter the password so that you can get the hash. (The hash and password themselves would not be stored anywhere; you should make a separate hash to verify the password)
最好的办法就是不要!
如果失败:
使用受保护的配置加密配置文件部分< /a>
Best way is don't!
Failing that:
Encrypting Configuration File Sections Using Protected Configuration
没有“最佳方法”在源代码中存储密码,因为可以通过多种方式恢复密码。
您可以混淆密码字符串,甚至对其进行加密,以防止通过简单查看而泄露,但不能将其视为严格的保护。
There are no "best way" to store password in source code since it can be recovered in many ways.
You can obfuscate password string or even encrypt it to prevent reveal thru simple viewing but it can't be treated as serious protection.
您可以将其作为加密值放入 web.config 文件中。看起来并不太难:
K 斯科特·艾伦教程 http://odetocode .com/blogs/scott/archive/2006/01/08/encrypting-custom-configuration-sections.aspx
我认为有一篇 Scott gu 博客文章,其中包含其他信息的链接。
http://weblogs.asp.net/scottgu/archive/2006 /01/09/434893.aspx
You can put it as an encrypted value in the web.config file. It doesn't look too hard:
K scott Allen tutorial http://odetocode.com/blogs/scott/archive/2006/01/08/encrypting-custom-configuration-sections.aspx
I think there's a Scott gu blog post with links to other information.
http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx
使用 AES 之类的强加密方法对其进行加密,但正如 SLAks 所暗示的那样,攻击者可以对您的代码进行反向工程并计算出加密方法和密钥。您所做的就是添加一个层,将脚本小子和一定级别的攻击者拒之门外。真正想解决这个问题的人是可以做到的。他们还可以运行您的程序并查看发送的密码。
Encrypt it with something strong like AES, but as implied by SLaks, your attacker can reverse engineer your code and work out the encryption method and key. All you are doing is adding a layer which keeps script kiddies and a certain level of attacker out. Someone who really wants to work it out, can do. They could also run your program and watch what password is sent.
不要将密码保存在源代码中。
读这个:
http://en.wikipedia.org/wiki/Security_through_obscurity
没有什么好办法。
您所能做的就是使用智能算法来加密密码。
经验丰富的逆向工程师可以设法破解它。
Don't save your password in the source code.
Read this:
http://en.wikipedia.org/wiki/Security_through_obscurity
There is no good way.
All you can do is use a smart algorithm to encrypt the password.
An experienced reverse engineer would manage to crack it.
对于真正想要您密码的人,您无能为力。但是,如果这不是公共应用程序(内联网?内部应用程序或其他应用程序),您可以简单地使用对称加密算法对其进行加密,或者执行诸如 Base 64 编码之类的操作。
您还可以对代码运行混淆器,以使某处存在密码的情况变得不那么明显。
你还有其他选择吗?原始 SFTP 访问有点危险,也许您可以在两者之间创建某种代理服务,它只允许您的应用程序需要的特定操作。在代码中存储该服务的密码不像在代码中存储 SFTP 密码那样有风险。
There's not much you can do against someone who really wants your password. However, if this isn't a public app (intranet? in-house app or something) you could simply encrypt it using a symmetric encryption algorithm, or do something like base 64 encoding it.
You could also run an obfuscator over your code to make it less obvious that there is a password in there somewhere.
Do you have another option? Raw SFTP access is kinda dangerous, maybe you can create some sort of proxy service in between, which only allows the specific actions your app requires. Storing the password for that service in your code is a not as risky as storing your SFTP password in your code.
您可以使用SLP Code Protector之类的东西来阻止逆向工程你的集会。不过,我同意其他人的观点,这不是最好的主意。
You could use something like SLP Code Protector to block reverse engineering of your assemblies. Still, I agree with everyone else, it's not the best idea.
代码可以在应用程序首次启动时创建一个随机密钥,并将其存储在其他安全位置,而不是在代码中存储密码。然后该随机密钥可用于解密配置文件等。
Instead of storing a password in the code, the code could create a random key when the application first starts and store it somewhere else in a secure place. That random key could then be used to decrypt configuration files etc.