在应用程序中保存用户设置的位置 [英] where to save user settings in an app

问题描述

我有一个应用需要连接到sql server并使用

useName / password登录。目前，我的应用程序将此信息保存在XML文件中，格式为

文本（即无加密）。每次打开应用程序时，都会读取XML文件
以及用于建立sql连接的userName / password。这是

正常的做事方式，还是更聪明地保存这些设置

在其他地方，如注册表？如果认为保存为XML是合适的，那么我应该关注纯文本userName / password。我主要是一个试图转向桌面应用程序开发的网站开发人员，所以担心桌面上的保存信息对我来说是一个新的领域，而且我是感谢任何信息

如何做到这一点。


提前提前。


..

i''ve got an app that needs to connect to sql server and login with a
useName/password. currently, my app saves this info in an XML file in plain
text (i.e. no encryption). everytime the app is opened, the XML file is read
and the userName/password used to establish the sql connection. is this the
normal way of doing things, or is it smarter to save these set tings
elsewhere, like the registry? if saving to XML is deemed appropriate, should
i be concerned with the plain text userName/password. i''m primarily a web
developer trying to move to desktop app development, so worrying about
saving info on the desktop is a new area for me and i''d appreciate any info
on how this is generally done.

tks in advance.

..

推荐答案

不建议再在注册表中保存内容。 XML

配置文件是常用的方法。为了增加安全性，您可以使用MD5加密来加密文件。


-

Bob Powell [MVP]

Visual C＃，System.Drawing

Ramuseco Limited .NET咨询
http://www.ramuseco.com

在Windows窗体中查找精彩的Windows窗体提示和技巧
< a rel =nofollowhref =http://www.bobpowell.net/tipstricks.htmtarget =_ blank> http://www.bobpowell.net/tipstricks.htm


使用GDI +常见问题解答回答那些GDI +问题
http://www.bobpowell.net/faqmain.htm


所有新文章都提供C＃和VB.NET代码。

订阅提供的RSS提要，绝不会错过任何新文章。


Dica < GE ***** @ hotmail.com>在消息中写道

新闻：Ns ******************** @ rogers.com ...

Saving things in the registry is not recommended anymore. An XML
configuration file is the usual way to go. For added security you can
encrypt the file using an MD5 encryption.

--
Bob Powell [MVP]
Visual C#, System.Drawing

Ramuseco Limited .NET consulting
http://www.ramuseco.com

Find great Windows Forms articles in Windows Forms Tips and Tricks
http://www.bobpowell.net/tipstricks.htm

Answer those GDI+ questions with the GDI+ FAQ
http://www.bobpowell.net/faqmain.htm

All new articles provide code in C# and VB.NET.
Subscribe to the RSS feeds provided and never miss a new article.

"Dica" <ge*****@hotmail.com> wrote in message
news:Ns********************@rogers.com...

i '有一个应用程序需要连接到SQL服务器并使用
useName /密码登录。目前，我的应用程序将此信息保存在一个XML文件中，即
纯文本（即无加密）。每次打开应用程序时，都会读取XML文件和用于建立sql连接的userName / password。这是
正常的做事方式，还是更聪明地将这些设置保存在其他地方，比如注册表？如果认为保存为XML是合适的，那么
应该关注纯文本userName / password。我主要是一个试图转向桌面应用程序开发的网页开发人员，所以担心在桌面上保存信息对我来说是一个新领域，我会感激任何
信息
关于如何做到这一点。

提前预定。

。

i''ve got an app that needs to connect to sql server and login with a
useName/password. currently, my app saves this info in an XML file in
plain
text (i.e. no encryption). everytime the app is opened, the XML file is
read
and the userName/password used to establish the sql connection. is this
the
normal way of doing things, or is it smarter to save these set tings
elsewhere, like the registry? if saving to XML is deemed appropriate,
should
i be concerned with the plain text userName/password. i''m primarily a web
developer trying to move to desktop app development, so worrying about
saving info on the desktop is a new area for me and i''d appreciate any
info
on how this is generally done.

tks in advance.

.

不推荐使用MD5加密（微软），我会使用SHA256或384.


这篇文章
http://msdn.microsoft .com / library / de ... SecNetHT11.asp

有一些信息，但让我感到困惑，因为你有加密的

连接字符串''您的源代码中的加密密码，即使是模糊的
也很容易获得。看起来有点像Catch 22，即使使用DAPI也是
。


我将使用的解决方案是返回连接的Web服务

字符串，其中Web服务方法需要凭据。

MD5 encryption isn''t recommended (by Microsoft), I''d use SHA256 or 384.

This article
http://msdn.microsoft.com/library/de...SecNetHT11.asp
has some info, but leaves me confused as you then have the encrypted
connection string''s encryption password in your source code, which even
with obfuscation is quite easy to get at. A bit of a Catch 22 it seems,
even using the DAPI.

The solution I''d use is a web service that returns the connection
string, with the web service method requiring credentials.

Dica，


一般来说，我同意鲍勃的回应。我要添加的唯一的东西是
，这应该真的包含在你的应用程序的app.config文件

中。


像Bob说的那样，你可以使用加密算法来加密用户名

和密码。


唯一的问题是你将存储加密密钥的地方。因为它很容易拆解.NET代码，如果你在某处硬编码密钥，它很容易找到，而且有人可以轻易绕过加密。


希望这会有所帮助。

-

- Nicholas Paldino [.NET / C＃MVP]

- mv*@spam.guard.caspershouse.com

Dica ; < GE ***** @ hotmail.com>在消息中写道

新闻：Ns ******************** @ rogers.com ...

Dica,

Generally speaking, I would agree with Bob''s response. The only things
I would add is that this should really be contained in the app.config file
for your app.

Like Bob said, you can use encryption algorithms to encrypt the username
and password.

The only problem is where you will store the encryption key. Because it
is easy to disassemble .NET code, if you hard code the key somewhere, it
will be easy to find, and someone can circumvent the encryption easily.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"Dica" <ge*****@hotmail.com> wrote in message
news:Ns********************@rogers.com...

i '有一个应用程序需要连接到SQL服务器并使用
useName /密码登录。目前，我的应用程序将此信息保存在一个XML文件中，即
纯文本（即无加密）。每次打开应用程序时，都会读取XML文件和用于建立sql连接的userName / password。这是
正常的做事方式，还是更聪明地将这些设置保存在其他地方，比如注册表？如果认为保存为XML是合适的，那么
应该关注纯文本userName / password。我主要是一个试图转向桌面应用程序开发的网页开发人员，所以担心在桌面上保存信息对我来说是一个新领域，我会感激任何
信息
关于如何做到这一点。

提前预定。

。

i''ve got an app that needs to connect to sql server and login with a
useName/password. currently, my app saves this info in an XML file in
plain
text (i.e. no encryption). everytime the app is opened, the XML file is
read
and the userName/password used to establish the sql connection. is this
the
normal way of doing things, or is it smarter to save these set tings
elsewhere, like the registry? if saving to XML is deemed appropriate,
should
i be concerned with the plain text userName/password. i''m primarily a web
developer trying to move to desktop app development, so worrying about
saving info on the desktop is a new area for me and i''d appreciate any
info
on how this is generally done.

tks in advance.

.

这篇关于在应用程序中保存用户设置的位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！