保护纯文本文件中敏感数据的最佳实践?
目前我正在开发一个 C linux 守护进程,它接受用户输入的 SQL 连接字符串,然后将信息存储到本地 conf 文件(客户端)中。守护进程的目的是按照设定的时间间隔向 SQL 数据库提交数据,每次加载守护进程时,它都会在本地配置中查找 SQL 连接字符串。另外,通过使用命令行参数 -c,用户可以在信息更改时重新配置 SQL 连接字符串。有人愿意分享一种保护此conf文件的方法,使其不是纯文本吗?请记住,我仍然需要能够访问和读取conf 文件,因为存在其他conf 设置。预先感谢各位。
编辑:我最终计划使用 SSL 在客户端和 SQL 服务器之间提交数据。
Currently I am working on a C linux daemon that takes user input for an SQL connection string, then stores the information into a local conf file (client side). The purpose of the daemon is to submit data to an SQL database at a set interval in that every time the daemon is loaded it will look to the local conf for the SQL connection string. Also by using the command line argument -c, the user can reconfigure the SQL connection string in the event that the information changes. Would anyone be willing to share a way of securing this conf file so that it is not plain text. Keep in mind that I still need to be able to access and read in from the conf file as there is other conf settings present. Thanks in advance guys.
Edit: I do eventually plan to use SSL to submit the data between the client side and the SQL server.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
保护文件的(唯一?)方法是更改其权限,使其仅对运行守护程序的用户可读。
例如。如果您以用户“foo”和组“foo”运行守护程序,您应该:(
或者甚至将其 chmod 为
400以防止意外修改,但我想在这种情况下您将丢失-c选项功能)。注意:还要记住,在命令行上传递连接字符串是非常危险的,因为它们在进程列表中是可见的!
您还可以使用一些 GPG 东西来加密文件,但我不明白从那以后您必须保护用于解密文件的密钥的意义,并且您会遇到与以前完全相同的问题。
The (only?) way to secure the file is to change its permissions to make it readable only to the user that runs the daemon.
Eg. if you are running the daemon as user 'foo' and group 'foo', you should:
(Or even chmod it to
400to prevent accidental modification, but I guess in this case you'll lose the-coption functionality).NOTE: Also remember that it is quite dangerous to pass connection strings on the command line since they will be visible from the process listing!
You could also use some GPG stuff to encrypt the file, but I don't see the point there since then you have to protect the key you use to decript the file, and you get the exact same problem as before.
如果你没有地方保守你的秘密,密码学对你没有帮助。如果您的守护进程能够以某种方式在不使用任何秘密的情况下解码密码,那么任何人都可以做到这一点。因此,您必须依靠系统保护,例如文件访问模式标志来保存密钥。
If you have no place to keep your secrets, cryptography will not help you. If your daemon is somehow able to decode password not using any secret, then anyone can do this too. So you have to rely on system protection, such as file access mode flags to keep keys.