如何窥探你的 wpf 应用程序? [英] How to Snoop proof your wpf application?

问题描述

Snoop 允许您查看应用程序内部并更改元素属性.它对开发人员来说是一项巨大的资产，但在某些情况下可能是一个安全问题，例如当我们的用户喜欢查看他们不应该查看的地方时.有没有办法阻止像 Snoop 这样的应用程序窥探"你的应用程序?

Snoop allows you to look inside the application and change element properties. Its a great asset for developers, but can be a security issue in some cases, like when we have users who like to look in places where they shouldn't be looking. Is there a way to do something to block applications like Snoop from "snooping" your application?

如果没有办法阻止它，您建议采取什么措施来最大程度地降低安全风险?

And if there is no way to block it, what do you recommend to do to minimize security risks?

Snoop 是一个实用程序，可让您浏览 wpf 应用程序的可视化树并查看和更改属性.当您尝试调试某些东西并且不知道发生了什么时，它非常有用.您可以在此处找到更多信息.

Snoop is a utility that allows you browse visual tree of a wpf application and view and change properties. Its very useful when you are trying to debug something and have no idea what is going on. You can find more here.

谢谢.

推荐答案

通过正确实施安全性.如果像 Snoop 这样的工具可以阻碍您的安全"，那么您就做错了.

By implementing security properly. If your "security" can be thwarted with a tool like Snoop, then you're doing it wrong.

假设有一个只有特定用户才能执行的命令.听起来您唯一要强制执行的地方是在 UI 级别(例如，通过禁用相应的按钮).既然如此，您是对的 - 我可以轻松地使用 Snoop 来启用按钮并执行命令.但是您应该在您的服务器上实施安全约束，或者如果您没有服务器，则可能在您的命令执行逻辑中实施.基本上，安全性应该尽可能接近您要保护的对象.UI 级别的安全性只是为了方便用户.

Suppose there's a command that only certain users can execute. It sounds like the only place you're enforcing this is at the UI level (by disabling the corresponding button, for example). That being the case, you're right - I could easily use Snoop to enable the button and execute the command. But you should be enforcing the security constraints on your server, or perhaps in your command execution logic if you have no server. Basically, security should be implemented as close to the thing you're trying to protect as possible. Security at the UI level is merely for convenience of the user.

这篇关于如何窥探你的 wpf 应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！