在源代码中保护密码? [英] Securing a password in source code?

问题描述

我的代码中有一个密码，需要连接到 sftp 服务器.在代码中混淆"或隐藏它的最佳方法是什么?

I have a password in my code which is needed to connect to a sftp server. Whats the best way to "obfuscate" or hide it in the code?

谢谢

推荐答案

不要将密码存储在源代码中，而是将其存储在 App.Config(或 Web.Config)中的受保护部分.

Don't store you password in your source code, store it in a protected section within you App.Config (or Web.Config).

请参阅此微软文档

See Encrypting Configuration File Sections Using Protected Configuration section in this Microsoft Doc

这是通过使用内置的 Windows 内容加密加密密钥来工作的，锁定到 MAC 地址 和其他各种未记录的东西.

This works by encrypting the encryption keys using built-in Windows stuff, locked to the MAC address and various other undocumented things.

如果您使用多个服务器，这甚至可以工作:

This will even work if you are using more than one server:

...如果您计划在多个服务器(例如 Web 场)上使用相同的加密配置文件，则只有 RsaProtectedConfigurationProvider 使您能够导出用于加密数据的加密密钥并将其导入另一台服务器.

... if you are planning to use the same encrypted configuration file on multiple servers, such as a Web farm, only the RsaProtectedConfigurationProvider enables you to export the encryption keys used to encrypt the data and import them on another server.

使用此功能，如果有人想获取您的密码，他们必须首先破坏您服务器上的 Windows 安全性(并非不可能，但目前比在您的 IL 中查找密码更难).

Using this, if someone wanted to get your password, they would have to first break the Windows security on your server (not impossible, but harder than looking into your IL for the password by far).

这篇关于在源代码中保护密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！