在源$ C $ C存储敏感信息的最佳实践 [英] Best practices for storing sensitive information in source code
问题描述
我是否有用于存储源$ C $ C一些敏感信息的任何建议好奇。为了使自己从一开始就明确,我的不可以谈用户密码,信用卡号码,等;我说的API访问密钥,客户端秘密和其他的数据等不直接相关的应用程序的用户,而是对应用程序本身进行验证以各种组件或第三方服务,(也觉得在数据库连接字符串web.config文件中)。
I'm curious if there are any recommendations for storing some sensitive information in source code. To make myself clear from the beginning, i'm not talking about user passwords, credit card numbers, and so on; i'm talking about API access keys, client secrets and other such data that are not directly related to the users of the application but rather to the application authenticating itself to various components or third-party services (think also of the database connection string in web.config files).
我正在寻找的是一个方法来隐藏,如果可能的话,明文这一敏感信息事件(这是最常见的字符串)preferably无论是在源文件(避免不知何故他们硬编码),并在输出二进制文件。对于二进制文件我知道有模糊的解决方案;然而,对于来源,我不能想到一个简单的之一。理想情况下,解决方案应该作为源代码控制,尽可能友好,允许授权开发人员只需检出code和没有额外的步骤建立它。
What i'm looking for is a way to hide, if possible, plaintext occurrences of this sensitive information (which are most often character strings) preferably both in the source files (avoid somehow hardcoding them) and in the output binaries. For binaries i know there's the "solution" of obfuscation; for sources however, i can't think of a straightforward one. Ideally, the solution should be as source-control-friendly as possible, allowing authorized developers to simply checkout the code and build it without additional steps.
如果您对此有什么建议,我会更愿意听到他们的声音。
If you have any suggestions regarding this, i'd be more than willing to hear them.
推荐答案
我最终选择的解决方案是将所有敏感字符串在 web.config中文件(或的app.config ),然后加密它的敏感部分。然后,我让操作系统和ASP.NET运行时来处理加密/解密。不完美的(毕竟你需要有原始应用程序/ web.config文件中保持明文数据 - 但至少它并没有成为生产机器上),但很方便
The solution I eventually chose was to move all the sensitive strings inside a web.config file (or app.config), then encrypt the sensitive sections of it. I then let the operating system and the ASP.NET runtime to handle encryption/decryption. Not perfect (after all you do need to have the original app/web.config file holding the plaintext data - but at least it doesn't have to be on the production machine), but quite convenient.
这篇关于在源$ C $ C存储敏感信息的最佳实践的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
