python-keyring是如何在Windows上实现的? [英] How is python-keyring implemented on Windows?
问题描述
python-keyring 如何在 Windows 上提供安全性?
How does python-keyring provide security on Windows?
在 Linux 上的 GNOME/KDE 中,系统会提示用户输入他的密码以授权访问每个应用程序的密钥环.
In GNOME/KDE on Linux, the user is prompted to enter his password to authorize access to the keyring on a per-application basis.
在 Windows 中,当应用程序访问密钥环时没有这样的提示.什么是阻止随机 python 应用程序通过运行
In Windows there is no such prompt when an application accesses the keyring. What is stopping a random python application to retrieve a password from the keyring by running
import keyring
get_password(service, username)
如何实现用户同意?整个概念(至少在 Windows 中)是否基于所有已安装程序都是受信任的"的假设?
How is user consent implemented? Is the whole concept, atleast in Windows, based on the assumption that all installed programs are 'trusted'?
推荐答案
稍微研究一下,似乎密码存储在 Windows Credential Vault 中,相当于 Gnome 或 KDE 密钥环.您实际上可以通过打开 Windows 凭据管理器来查看已存储的内容.我只需在 Windows 8.1 的开始屏幕上输入 Credential Manager 即可到达那里,但我认为您也可以从用户帐户页面访问它.
Researching this a bit, it appears that the passwords are stored within a Windows Credential Vault, which is the equivalent of the Gnome or KDE keyrings. You can actually see the ones that you have stored by opening up the Windows Credential Manager. I get there by just typing in Credential Manager on Windows 8.1 from the start screen, but I think you can get to it from the User accounts page as well.
无论如何,正如您从附图中看到的那样,我作为测试添加到密钥环中的密码显示在 Windows Credentials -> 通用凭证 -> keyring_demo.以 PC 上的其他用户身份打开此窗口不会显示此密码,因此它似乎不受其他用户的影响.此屏幕还允许您撤销或更改密码.
Anyway, as you can see from the attached image, the password that I added to the keyring as a test is displayed under Windows Credentials -> Generic Credentials -> keyring_demo. Opening this window up as another user on the PC does not show this password, so it seems secured from other Users. This screen also allows you to revoke or change passwords.
至于如何实现同意,我相信只要您的Windows用户帐户登录,keyring就会运行,但我不知道具体情况.
As to how consent is implemented, I believe keyring will operate as long as your Windows user account is logged in, but I don't know the specifics.
这篇关于python-keyring是如何在Windows上实现的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
