.NET平台的安全漏洞？ [英] Security vulnerabilities of the .NET platform?

问题描述

我做的.NET安全一些研究。最来源只是描述了.NET的安全机制，但没有连牢记的可能存在的漏洞或事物的词。你知道在.NET平台上的任何安全问题？

I am doing some research on .NET security. The most of sources just describe .NET security mechanisms but no even a word of possible vulnerabilities or things to be kept in mind. Do you know any security problems on .NET platform?

推荐答案

在.NET世界中的安全问题的主要来源是使用它的开发人员。这是很容易写出来与任何框架的应用程序和.NET框架没有任何好转。

The major source of security problems in the .NET world is the developers using it. It is easy to write applications with any framework and .NET framework is not any better.

除此之外，唯一的主要问题，我能想到的是所有使用的字符串，而不是SecureString的存储敏感数据，如密码的控制。每个版本的.NET框架是比去年更好的在这里，但我觉得还是有不使用它们的几种常见的控制。

Apart from that the only major problem I can think of is all the controls that use String instead of SecureString for storing sensitive data like passwords. Each version of the .NET framework is better than the last here, but I think there are still several common controls that don't use them.

该SecureString的可以被认为是存储在加密存储器和从内存中使用后删除的字符串。因为在.NET字符串是不可变的任何新的字符串将被存储在存储器中的共享的位置，以便相同的值的新的字符串可以共享存储器位置。这意味着存储在字符串敏感数据是比较容易获得的持有。

The SecureString can be thought of as a String that is stored in encrypted memory and that is deleted from memory after use. Since strings in .NET are immutable any new strings will be stored in memory in a shared locations so that new strings of the same value can share that memory location. This means that sensitive data stored in a string is relatively easy to get hold of.

这篇关于.NET平台的安全漏洞？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！