Client Login - how to store credentials securely on client side?


Problem description


Many APIs provide remote access to their data through a user/password combination.


I was wondering which was the best way to store those values in a highly secure way (even if 100% is impossible), in order to connect directly without asking for them every time.

Recommended answer


I recommend one of three approaches:


  • Avoid storing the password at all by using authentication tokens. In this model, the user logs in one time, and the server generates a unique, large, sparse token that the client can store and use as its login "password." The server only accepts this token from one client at a time, so if two clients try to use it simultaneously, the token is invalidated. The token is also generally invalidated after a period of time (1 week, 2 weeks, a year, whatever is appropriate). When the token is invalidated, the user must log in again by hand and the process is repeated. This is basically the approach of Gmail and similar web site logins.


  • If you must store the password, I recommend relying on the OS to manage it for you. Windows and Mac both have good secure storage systems (DPAPI and Keychain respectively). Linux doesn't have a good always-available solution, though, so it depends on your market. The advantage of using the OS is that the OS can provide protections you can't easily provide yourself, and the user can centrally manage the overall protection of the OS storage (using smartcards, etc.) to a level you are unlikely to reproduce. The OS secure stores are also typically quite convenient for the user.


  • If neither of these is an option, then store an encrypted file with a master password that the user must enter every time they launch your app. This is how Firefox works (or at least it did last time I looked, which has been a while). This is reasonably secure, but much less convenient for the user (and low convenience often means low adoption by the users, or poor use through simpler passwords, etc.). I would investigate the Firefox code as an example of how to implement this.
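The token model from the first approach, written out as an added example (this is not code from the answer): a minimal server-side store that issues a large random token after one manual login, accepts it from a single client only, revokes it if a second client presents it, and expires it after a fixed lifetime. The `TokenStore` class, the client identifiers and the 7-day default lifetime are assumptions made for the example.

```python
"""Server side of the authentication-token approach (added example)."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional


class TokenStore:
    """Issues one token per manual login and enforces the answer's rules:
    large random token, accepted from one client only, fixed lifetime."""

    def __init__(self, lifetime_seconds: int = 7 * 24 * 3600, clock=time.time):
        self.lifetime = lifetime_seconds      # assumed default: one week
        self.clock = clock                    # injectable for testing
        # Only a SHA-256 digest of each token is kept, so a leaked store
        # does not contain usable login tokens.
        self._records: Dict[str, dict] = {}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user: str, client_id: str) -> str:
        """Called once after the user logs in by hand; the returned token is
        what the client stores and presents instead of the password."""
        token = secrets.token_urlsafe(32)     # 256 bits of randomness
        self._records[self._digest(token)] = {
            "user": user,
            "client": client_id,              # the single client allowed to use it
            "expires": self.clock() + self.lifetime,
        }
        return token

    def authenticate(self, token: str, client_id: str) -> Optional[str]:
        """Return the user name if the token is valid for this client, else
        None. Expiry or use by a second client revokes the token, so the
        user must log in by hand again."""
        key = self._digest(token)
        record = self._records.get(key)
        if record is None:
            return None
        if self.clock() >= record["expires"]:
            del self._records[key]            # lifetime over: force re-login
            return None
        if not hmac.compare_digest(record["client"].encode(), client_id.encode()):
            del self._records[key]            # second client seen: revoke for all
            return None
        return record["user"]
```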
