Powershell - “清除项目变量:"与“删除变量" [英] Powershell - "Clear-Item variable:" vs "Remove-Variable"
问题描述
在运行时将文本临时存储在 powershell 变量中时,从内存中删除不再需要的变量内容的最有效方法是什么?
When storing text temporarily in powershell variables at runtime, what is the most efficient way of removing a variables contents from memory when no longer needed?
我同时使用了 Clear-Item variable: 和 Remove-Variable 但是使用后者从内存中删除某些东西的速度与使用以前?
I've used both Clear-Item variable: and Remove-Variable but how quickly does something get removed from memory with the latter vs nulling the memory contents with the former?
我应该更清楚地说明我为什么要问.
I should have made it a little clearer why I am asking.
我正在为一堆应用程序虚拟机自动化 RDP 登录(应用程序不作为服务运行,外包开发人员,长话短说).
I am automating RDP login for a bunch of application VMs (application doesn't run as a service, outsourced developers, long story).
因此,我正在开发(基本完成)一个脚本来将启动会话分组到每个 VM.
So, I am developing (largely finished) a script to group launch sessions to each of the VMs.
想法是存储凭据的脚本函数使用 read-host 提示输入主机名,然后 get-credentials 获取域/用户/密码.
Idea is that the script function that stores credentials uses read-host to prompt for hostname then get-credentials to pick up domain/user/password.
然后使用 256 位密钥(存储凭证并运行组启动的机器/用户唯一的运行时密钥)从安全字符串转换通行证.
The pass is then converted from secure-string using 256-bit key (runtime key unique to machine/user that stored the creds and runs the group launch).
VM 名称、域、用户和加密通行证存储在一个文件中.启动会话时,读取详细信息,解密密码,将详细信息传递给 cmdkey.exe 以存储该 VM 的 \generic:TERMSRV 凭据,清除明文传递变量,将 mstsc 启动到该主机,几秒钟后从 Windows 凭据存储中删除凭据.(如果我将密码作为明文以外的任何内容传递给 cmdkey.exe,则 RDP 会话将收到不正确的凭据或没有凭据).
The VMs name, domain, user and encrypted pass are stored in a file. When launching a session, the details are read in, password decrypted, details passed to cmdkey.exe to store \generic:TERMSRV credential for that VM, clear plaintext pass variable, launch mstsc to that host, a few seconds later remove the credential from windows credential store.
(If I passed password to cmdkey.exe as anything other than plaintext, the RDP session would either receive incorrect or no credentials).
因此,问题是,我需要密码以明文形式存在于内存中尽可能短的时间.
So, hence the question, I need the password In plaintext to exist in memory for as short a time as possible.
为了让安全人员满意,脚本本身是 aes256 加密的,并且带有自己的 ps 主机的 c# 包装器读取、解密和运行脚本,因此在运行它的机器上没有明文源.(文件共享上的加密源非常有效,我有一个终止开关,可以简单地用另一个显示此应用程序已被禁用的消息替换加密脚本)
To keep security guys happy, the script itself is aes256 encrypted and a c# wrapper with its own ps host reads, decrypts and runs the script, so there is no plaintext source on the machine that runs this. (Encrypted source on a file share so effectively I have a kill switch, can simply replace encrypted script with another displaying a message that this app has been disabled)
推荐答案
您可以使用秒表来获取命令行开关的执行时间.我认为这两个 cmdlet 之间并没有真正的时差.我通常使用删除项目",因为在我看来最好删除完整的变量.
You can use a stopwatch to get the execution time for the commandlets. I think there is not really a time difference between these two cmdlets. I´m using normally "Remove-Item" because in my eyes it´s better to remove a variable complete.
$a = "TestA"
$b = "TestB"
$c = "TestC"
$d = "TestD"
$time = New-Object system.Diagnostics.Stopwatch
Start-Sleep 1
$time.Start()
$time.Stop()
$system = $time.Elapsed.TotalMilliseconds
Write-Host "Stopwatch StartStop" $system
$time.Reset()
Start-Sleep 1
$time.Start()
Clear-Item Variable:a
$time.Stop()
$aTime = $time.Elapsed.TotalMilliseconds - $system
Write-Host "Clear-Item in " $aTime
$time.Reset()
Start-Sleep 1
$time.Start()
Remove-Variable b
$time.Stop()
$bTime = $time.Elapsed.TotalMilliseconds - $system
Write-Host "Remove-Variable in " $bTime
$time.Reset()
Start-Sleep 1
$time.Start()
Clear-Item Variable:c
$time.Stop()
$cTime = $time.Elapsed.TotalMilliseconds - $system
Write-Host "Clear-Item in " $cTime
$time.Reset()
Start-Sleep 1
$time.Start()
Remove-Variable d
$time.Stop()
$dTime = $time.Elapsed.TotalMilliseconds - $system
Write-Host "Remove-Variable in " $dTime
$time.Reset()
这篇关于Powershell - “清除项目变量:"与“删除变量"的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
