Ways around putting a password in code


Question

I have a bit of code that needs to run with elevated privileges (more than I want the rest of my code running at).

I have my code that sets up the Impersonation working, but it requires a username, domain and password. As my code is in C#.net I know that the password can be found by anyone determined enough.

Is there a way to encrypt the password in my code? Or otherwise secure this password and still be able to pass it in?

Here is the code I am calling:

using (new Impersonator("UserNameGoesHere", "DomainNameGoesGere", "Password Goes Here"))
{
     uint output;
     NetUserAdd(AUTHENTICATION_SERVER, 1, ref userinfo, out output);
     return output;
}

I would love an example that shows how to fix this to not show my password in plain text.

I am using Visual Studio 2008, .NET 3.5 SP1, and running on Windows Server 2003.

Recommended answer

You have multiple options here.

  1. You can hash the password the very first time and store the hash to a file. Now the next time you want to execute the code with elevated privileges, you need to accept/retype the password and re-compute the hash and match it with the stored hash. Only if it matches will you execute your code in elevation modes. You could hash using SHA. Please look at System.Cryptography namespace for examples on hashing.

Second option is to encrypt the password using algorithms like AES. However you will need to have a key to do this and you will have to worry about securing this key.

Third option is to use DPAPI and encrypt the password but not worry about securing the keys - much easier option than 2.

I would recommend 1 if you do not mind re-entering the password every time the application starts. If that is not a possibility, I would suggest going with 3 and use DPAPI.

Here are some links to get you started.

1. http://www.obviex.com/samples/dpapi.aspx
2. http://www.obviex.com/samples/Encryption.aspx
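
A sketch of the third option (DPAPI), added here as an example and not part of the original answer: the password is entered once, stored as a DPAPI-protected blob, and read back at run time to pass to the question's Impersonator. The class name `ProtectedPassword`, the file name `svc-account.bin`, the `--store` switch and the entropy string are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
using System.Text;

// Hypothetical helper (not from the original post): keeps the account
// password in a DPAPI-protected file instead of in source code.
static class ProtectedPassword
{
    // Constructed, non-secret value mixed into the encryption; it only
    // separates this blob from other DPAPI data of the same account.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("example-app-entropy");

    // Run once, under the Windows account the application runs as.
    public static void Save(string path, string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    // Throws CryptographicException if the blob was altered or was
    // protected under a different Windows account.
    public static string Load(string path)
    {
        byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }
}

static class Program
{
    static void Main(string[] args)
    {
        const string path = "svc-account.bin"; // assumed location
        if (args.Length == 1 && args[0] == "--store")
        {
            // Read from stdin so the password never appears in a command line.
            ProtectedPassword.Save(path, Console.ReadLine());
            return;
        }
        string password = ProtectedPassword.Load(path);
        // Pass `password` as the third Impersonator argument in place of the literal.
        Console.WriteLine("Loaded password of length {0}", password.Length);
    }
}
```

With `DataProtectionScope.CurrentUser`, any code running as the same Windows account can call `Unprotect` on the file, so this keeps the password out of the binary and away from other accounts, not away from the account that runs the application. Restrict the file's ACL to that account as well.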
