Windows 8 应用程序 - 本地存储安全 [英] Windows 8 Apps - Local Storage Security
问题描述
本地数据有多安全
ApplicationData.Current.LocalSettings
Windows 8 Store 应用中使用的存储?
storage used in Windows 8 Store Apps?
This application data storage article says nothing about security, neither does this one.
可以从应用程序外部操纵这些数据吗?
Can this data be manipulated from outside of the app?
我查看了数据所在的位置
I looked at the location of the data
C:\Users[用户名]\AppData\Local\Packages[package_namespace]\LocalState)
C:\Users[username]\AppData\Local\Packages[package_namespace]\LocalState)
但是没有找到.具体保存在哪里?
but did not find it. Where is it saved exactly?
我正在尝试评估这种存储机制的安全性,以确定我是否可以在那里存储安全关键信息.
I'm trying to asses the security of this storage mechanism to decide whether I can store security-critical information there.
推荐答案
经过更多调查我发现:
http://lunarfrog.com/blog/2012/09/13/inspect-app-settings/
数据存储在
C:\Users[用户名]\AppData\Local\Packages[package_namespace]\LocalState\Settings\settings.dat
C:\Users[username]\AppData\Local\Packages[package_namespace]\LocalState\Settings\settings.dat
这是一个 Windows NT 注册表文件 (REGF),可以用注册表编辑器打开,也可以操作.
which is a Windows NT registry file (REGF) which can be openend with the registry editor and can also be manipulated.
意思是,本地存储不安全.
如果没有其他办法,加密数据并混淆密钥是可能的.
If there is no other way, encrypting the data and obfuscating the keys is a possibility.
这篇关于Windows 8 应用程序 - 本地存储安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!