正确保护C#Windows Forms应用程序的登录信息 [英] Properly securing login information for a C# Windows Forms application
本文介绍了正确保护C#Windows Forms应用程序的登录信息的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在编写一个Windows Forms应用程序,该应用程序要求用户登录.我上次使用的方法是将用户名/密码存储在文件中,该文件可以根据程序的要求进行加密/解密.但是我将密钥硬编码到程序中,如下所示:
私有 RijndaelManaged rm = 新 RijndaelManaged();
字节 []键=
{ 12 , 84 , 46 , 77 , 09 , 27 , 99 , 65 , 92 , 52 , 57 , 35 , 95 , 75 , 57 };
字节 [] IV =
{ 12 , 84 , 46 , 77 , 09 , 27 , 99 , 65 , 92 , 52 , 57 , 35 , 95 , 75 , 57 };
这显然是一个坏主意.如何在程序外部安全地存储/分发密钥?解决方案
我同意上面列出的两个注释,但是另一种选择是仅存储加密的用户名密码令牌.请勿随时将用户名和密码分别存储在文件中.这本身就是安全风险.使用令牌将使您可以针对令牌而不是作为单独实体的用户名/密码进行验证.
您可以选择自己的哈希模式.
MD5(用户名+"
!#
Hi,
I am writing a Windows Forms application which requires the users to log in. I have done this before. The method I used last time was storing the usernames / passwords in a file which could be encrypted / decrypted as required by the program. But I hard coded the key into the program like this:
private RijndaelManaged rm = new RijndaelManaged();
byte[] key =
{ 12, 84, 46, 77, 09, 27, 99, 65, 92, 84,
52, 57, 35, 95, 75, 57 };
byte[] IV =
{ 12, 84, 46, 77, 09, 27, 99, 65, 92, 84,
52, 57, 35, 95, 75, 57 };
This is obviously a bad idea. How can I store / distribute keys securely outside the program?
解决方案 I agree with both comments listed above, but another option is to store only the encrypted username password token. Do not at any time store the username and password separately in a file. That is a security risk in itself. Using a token will allow you to validate against the token instead of the username/password as separate entities.
You could choose yourself a hashing pattern.
MD5(username+"
!#
这篇关于正确保护C#Windows Forms应用程序的登录信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文