在临时XML配置文件中存储密码的正确方法 [英] Proper Way to Store Passwords in Temporary XML Config File

问题描述

我创建了一个程序，该程序启动一个单独的子进程，该子进程对文件执行任务.其中一些文件受密码保护，因此为了使子进程在这些文件上运行，它需要它们的密码.我要实现这一目标的计划是传递一个XML配置文件，其中包含与此相似的所有文件路径和密码:

I have created a program that launches a separate child process that performs tasks on files. Some of these files are password protected, so in order for the child process to run on these files, it needs their passwords. My plan to accomplish this is to pass an XML config file containing all the file paths and passwords similar to this:

<Files>
    <File>
      <Path>C:\Users\hahaha\hehehe\file2</Path>
      <Password>123456abc</Password>
    </File>
    <File>
      <Path>C:\Users\blablaa\abc\file1</Path>
      <Password>123456abc</Password>
    </File>
</Files>

此信息保留在本地计算机上，并且永远不会通过网络传递.此XML配置文件是在父进程中创建的.子进程将代表此XML配置文件路径的字符串作为参数.然后，子进程将解析XML文件，然后根据文件和密码((键，值)=>文件路径，密码)创建字典.该过程完成后，可以删除配置文件.

This information stays on the local machine and is never passed through a network. This XML config file is created within the parent process. The child process takes a string representing the path to this XML config file as an argument. The child process will then parse the XML file and then create a dictionary out of the files and passwords ((key, value) => file path, password). After the process completes the config file can be deleted.

我的问题是:在配置文件中存储密码的最佳实践和方法是什么?我认为对它们进行加密就足够了.或者，如果有完全不同的方法更好，那会是什么样?

My question is this: What is the best practice and method for storing the passwords in the config file? I assume that encrypting them would be sufficient. Or if there is an entirely different method that is better, what would that look like?

推荐答案

A.想法是使用Windows密码管理器.

A. Idea is to use Windows Password Manager.

1. 使用CredAPI在此处创建URL我的超级应用程序"的临时密码(如果未创建)
2. 使用它加密XML部分.

B.想法是使用CryptoAPI为用户个人商店中的应用程序创建证书

B. Idea is to create certificate for application in user personal store using CryptoAPI

1. 使用Crypto API在个人用户中创建包含两个密钥的临时证书并将其放入其中
2. 使用它加密XML部分.

要获得对XML坏人的访问权限，需要侵入其他用户帐户.如果密码将由admin重置，则所有人员将丢失.

To gain access to the XML bad guy will need to break into the other user account. If the password will be resetted by admin then all that staff will be lost.

但是将数据存储在临时文件中只是为了将其传递给子进程是一种幼稚的事情.正确的方法是使用其中任何一种来完成该任务

But storing data in a temporary file just to pass it to a child process is a kinda childish thing. Proper way is to use any of this one to accomplish that task

• 网络远程处理
• TcpServer-TcpClient并通过网络流数据传输
• 内存映射文件
• 管道

这篇关于在临时XML配置文件中存储密码的正确方法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！