什么是存储网络主机上的密码或私有密钥的最好方法？ [英] What's the best way to store a password or private key on a web host?

问题描述

我不是指的是不是必须使用的密码做（如的其他的用户密码的我的的网站 - 在这种情况下，我真的不的有来存储它们。请参见 http://stackoverflow.com/a/1054069/939213）。所以索性存储哈希是不是一种选择。

I'm not referring to passwords that don't have to be used (such as passwords for other users to my site - in which case I really don't have to store them. See http://stackoverflow.com/a/1054069/939213 .) so simply storing hashes is not an option.

我指的是存储密码到SQL数据库和共享服务器上的软件必须使用私钥。

I'm referring to storing passwords to an SQL database and a private key that the software on the shared server has to use.

我想没有的真正的安全做到这一点的方式。我只是想知道什么是的最好在这种情况下的

I assume there's no really secure way to do it. I just want to know what's the best in this situation.

我试图让他们安全的黑客（同一虚拟主机上或没有）。不是从其他人谁有权查看这些文件。

I'm trying to keep them secure from hackers (on the same web host or not). Not from others who have permission to see the files.

这是将要使用它们ASP.Net codebehind。

It's ASP.Net codebehind that will be using them.

推荐答案

Windows下提供数据保护API（DPAPI）专门用于这一目的。看看进入 ProtectedData 类从.NET消费它。

Windows offers the Data Protection API (DPAPI) specifically for this purpose. Look into the ProtectedData class for consuming it from .NET.

DPAPI的好处是，你的敏感数据是基于Windows用户的登录凭证进行加密，这意味着它是安全的，除非您的Windows帐户被泄露。

The advantage of DPAPI is that your sensitive data is encrypted based on the Windows user’s logon credential, meaning that it is secure unless your Windows account is compromised.

这篇关于什么是存储网络主机上的密码或私有密钥的最好方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！