保持密码可配置的最佳方法是什么,又不会让普通读者太容易获得密码? [英] What is the best way to keep passwords configurable, without having them too easily available to the casual human reader?
问题描述
我有一个数据库,许多不同的客户端应用程序(少量的 Web 服务、一些 Java 应用程序和一些 dot net 应用程序)连接到该数据库.并非所有这些都在 Windows 上运行(可悲的是,否则只需为数据库连接启用 Windows 身份验证,就会使这成为一个简单的答案问题).目前,密码存储在系统周围的各种配置/属性文件中.理想情况下,只有支持人员才能访问运行文件的服务器,但如果其他人获得了其中一台服务器的访问权限,他们将拥有足够的数据库权限来获取当前数据的公平重击.
I have a database that many different client applications (a smattering of web services, some java apps and a few dot net applications) connect to. Not all of these are running on windows (Sadly, otherwise it would make this an easy answer question with just enabling windows authentication for database connections). At the moment, the passwords are stored in various configuration / properties files lying around the systems. Ideally, only the support staff have access to the servers where the files are running, but if someone else gains access to one of the servers, they would have enough database permissions to get a fair whack of data as it stands now.
那么我的问题是,保持密码可配置的最佳方法是什么,又不会让普通读者太容易获得密码?
My question then, What is the best way to keep the passwords configurable, without having it too easily available to the casual human reader?
编辑 澄清一下,数据库服务器是 Windows Server 2003,运行 MSSQL 2005.
Edit Just to clarify, DB server is Windows Server 2003, running MSSQL 2005.
PS:我没有看到任何与此重复的问题,但如果有,请随时关闭此问题.
PS: I don't see any questions that this duplicates, but if there are, please feel free to close this one.
推荐答案
我假设您想对临时观察者隐藏密码.如果他们是邪恶的、目光坚定的观察者,可以访问其中一台连接的机器上的所有源代码,那么他们可以通过一些逆向工程获得密码.
I'm assuming you want to hide the passwords from casual observers. If they were evil, steely eyed observers with access to all the source code on one of the machines that connects, then they can get the password with a bit of reverse engineering.
请记住,您不需要为每个不同的客户端使用相同的保护.几个步骤:-
Remember that you do not need to use the same protection for each different client. A few steps:-
- 为访问您的数据库的不同系统创建不同的数据库帐户
- 使用内置数据库 GRANT 将数据库的访问权限限制为仅他们需要的内容
- 在数据库的密码管理器类中存储三重 DES(或其他)密钥.使用它来解密属性文件中的加密值.
我们还考虑过让应用程序在启动时提示输入密码,但尚未实现,因为这看起来很麻烦,而且您的操作人员需要知道密码.它可能不太安全.
We have also considered having the application prompt for a pass-phrase on startup but have not implemented this as it seems like a pain and your operations staff then need to know the password. It's probably less secure.
这篇关于保持密码可配置的最佳方法是什么,又不会让普通读者太容易获得密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
