如何判断加密的应用程序是否正在写入IsolatedStorage [英] How to tell if an encrypted app is writing to IsolatedStorage
问题描述
您好,
我正在编写一个我正在加密并分发给客户的应用程序。我想通过写入(和读取)IsolatedStorage文件来使用简单的许可方案。
问题是,黑客能否知道我的应用程序是否正在编写来自/读取IsolatedStorage中的这些文件?
Hello,
I'm writing an app that I am encrypting and distributing to clients. I want to use a simple licensing scheme by writing to (and reading from) an IsolatedStorage file.
The question is, can a hacker find out if my app is writing to/reading from these files in IsolatedStorage?
推荐答案
我的问题基本上就是这个,IsolatedStorage是一个更安全的位置,还是像黑客一样容易被嗅探?
My question is basically this, is IsolatedStorage a more secure location, or is it just as vulnerable to sniffing by a hacker?
这是我的看法,但你应该明白我不是黑客之一:
我认为 IsolatedStorage 不会增加对恶意活动的保护。它并非专门用于保护此类活动。这是一种隔离工具。在某种程度上,它类似于不同进程之间的隔离,只是它将隔离添加到磁盘上的持久存储。请阅读上面引用的文章中的数据分区和商店部分。这种保护消除了与文件命名冲突相关的许多不确定性以及与开发相关的其他方面。它确实可以防止不安全的编程和编程错误。是否会使黑客攻击更加困难?当然,但与过程隔离相同,或者说,x86和后来的指令集架构中的保护模式。它需要黑客更多的资格,但几乎不会阻止他们的努力。
请参阅: http://msdn.microsoft.com/en-us/library/3ak841sy.aspx [ ^ ]。
如果恶意艺术家可以注入在你的应用程序中的恶意行为,考虑你的孤立存储也被破解。
This is my opinion, but you should understand that I'm not one of the hackers:
I think IsolatedStorage does not add to protection from malicious activity much. It is not designed specifically to protect from such activity. This is a tool for isolation. In a way, it is analogous to isolation between different processes, only it adds the isolation to the persistent storage on disk. Read the section "Data Compartments and Stores" in an article referenced above. Such protection removes a lot of uncertainty related to the file naming clashes and other aspects which are rather related to development. It does protect from unsafe programming and programming mistakes. Does it make things more difficult for hacking? Certainly, but in the same sense as process isolation or, say, protected mode in x86 and later instruction-set architectures. It requires more qualification from the hackers, but hardly blocks their efforts.
Please see: http://msdn.microsoft.com/en-us/library/3ak841sy.aspx[^].
If a malicious artist can inject that malicious behavior in your application, consider your isolated storage is also cracked.
这篇关于如何判断加密的应用程序是否正在写入IsolatedStorage的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
