当前位置: 文江博客话题详情

vb.net连接实体框架连接字符串安全

发布于 2024-12-02 23:09:49 字数 207 浏览 4 评论 0原文

我了解在 .net v4 中加密连接字符串的可能性。我有一个 win 表单应用程序,可供多个人在不同的机器上使用。我知道我需要在应用程序首次在目标计算机上运行时保护连接字符串。但是我担心在一段时间内我的连接字符串将未加密。我正在寻求有关如何使用已加密或在安装过程中加密的连接字符串来部署我的应用程序的建议。

其他人会如何以安全的方式加密连接字符串?

非常感谢任何帮助。

原文

I understand the possibilities for encrypting a connection string in .net v4. I have a win forms application that will be used by multiple people on different machines. I understand that I need to protect the connection string at time of the app being first run on the target machine. However I am concerned that for a period of time my connection string will be unencrypted. I am looking for advice in how to deploy my app with the connection string already encrypted or encrypted during installation.

How would anyone else go about encrypting the connection string in a secure way?

Any help is greatly appreciated.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

潦草背影 2024-12-09 23:09:49

您可以获取 connectionString 配置部分并修改它,如下所示:

oSection = oConfiguration.GetSection("connectionStrings") as System.Configuration.ConnectionStringsSection;

if (oSection != null)
{
    if ((!(oSection.ElementInformation.IsLocked)) && (!(oSection.SectionInformation.IsLocked)))
    {
        if (protect)
        {
            if (!(oSection.SectionInformation.IsProtected))
            {
                blnChanged = true;

                // Encrypt the section.
                oSection.SectionInformation.ProtectSection
                            (strProvider);
            }
        }
        else
        {
            if (oSection.SectionInformation.IsProtected)
            {
                blnChanged = true;

                // Remove encryption.
                oSection.SectionInformation.UnprotectSection();
            }
        }
    }

    if (blnChanged)
    {
        // Indicates whether the associated configuration section 
        // will be saved even if it has not been modified.
        oSection.SectionInformation.ForceSave = true;

        // Save the current configuration.
        oConfiguration.Save();
    }
}

VB.NET 中的示例

Public Sub ProtectSection()
    ' Get the current configuration file.
    Dim config As Configuration = ConfigurationManager.OpenExeConfiguration
                    (ConfigurationUserLevel.None)
    Dim protectedSection As ConfigurationSection = config.GetSection(m_Section)

    ' Encrypts when possible
    If ((protectedSection IsNot Nothing) _
    AndAlso (Not protectedSection.IsReadOnly) _
    AndAlso (Not protectedSection.SectionInformation.IsProtected) _
    AndAlso (Not protectedSection.SectionInformation.IsLocked) _
    AndAlso (protectedSection.SectionInformation.IsDeclared)) Then
        ' Protect (encrypt)the section.
        protectedSection.SectionInformation.ProtectSection(Nothing)
        ' Save the encrypted section.
        protectedSection.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Full)
    End If
End Sub

您可以在应用程序安装过程中使用此代码(以检查,配置是否受到保护),您可以在每次运行应用程序期间进行检查。

更新:
关于评论中的问题 - 您可以使用空连接字符串分发应用程序,并在安装过程中设置此属性(在这种情况下不要忘记代码混淆)并保存配置文件。

You can get your connectionString config section and modify it, like that:

oSection = oConfiguration.GetSection("connectionStrings") as System.Configuration.ConnectionStringsSection;

if (oSection != null)
{
    if ((!(oSection.ElementInformation.IsLocked)) && (!(oSection.SectionInformation.IsLocked)))
    {
        if (protect)
        {
            if (!(oSection.SectionInformation.IsProtected))
            {
                blnChanged = true;

                // Encrypt the section.
                oSection.SectionInformation.ProtectSection
                            (strProvider);
            }
        }
        else
        {
            if (oSection.SectionInformation.IsProtected)
            {
                blnChanged = true;

                // Remove encryption.
                oSection.SectionInformation.UnprotectSection();
            }
        }
    }

    if (blnChanged)
    {
        // Indicates whether the associated configuration section 
        // will be saved even if it has not been modified.
        oSection.SectionInformation.ForceSave = true;

        // Save the current configuration.
        oConfiguration.Save();
    }
}

Example in VB.NET:

Public Sub ProtectSection()
    ' Get the current configuration file.
    Dim config As Configuration = ConfigurationManager.OpenExeConfiguration
                    (ConfigurationUserLevel.None)
    Dim protectedSection As ConfigurationSection = config.GetSection(m_Section)

    ' Encrypts when possible
    If ((protectedSection IsNot Nothing) _
    AndAlso (Not protectedSection.IsReadOnly) _
    AndAlso (Not protectedSection.SectionInformation.IsProtected) _
    AndAlso (Not protectedSection.SectionInformation.IsLocked) _
    AndAlso (protectedSection.SectionInformation.IsDeclared)) Then
        ' Protect (encrypt)the section.
        protectedSection.SectionInformation.ProtectSection(Nothing)
        ' Save the encrypted section.
        protectedSection.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Full)
    End If
End Sub

You can use this code during the installation for your application (to check, is the config protected) and you can check every time during runnig your application.

UPDATE:
About your question from comments - you can distribute your application with empty connection string, and during your install, set this property (do not forget about code obfuscation in this case) and save your config file.

回复 原文
~没有更多了~

关于作者

蛮可爱

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文