Encrypt connection strings

Question

I'm working on a Windows desktop program. This program will connect to a remote SQL server. It has a 3-tier architecture. So the Solution contains several ClassLibraries as well as a main Windows Form Application. I don't feel safe using connection string like this:

 string connStr = "Data Source=94.xx.xxx.xx; Initial Catalog=xxxxx; User Id=xxxxx; Password=xxxxx";

Is it safe to use it like that? Is it possible for someone to decompile the ".exe" file and access this connection string? I know I can use the app.config file. But I failed to import "ConfigurationManager" and couldn't use the "ConfigurationManager.ConnectionStrings["xxx"].ConnectionString.ToString();" code. Besides, it doesn't feel safe either. I think the best practice would be to encrypt the connection string. I found an example for that:

http://www.codeproject.com/Articles/18558/Encrypting-windows-application-connection-strings

But it uses an older version of Visual Studio. And I couldn't figure out how to add a "Setup Project with a custom action containing the project's primary output".

Is there any other way to safely use connection string in a 3-tier architectured Windows forms application?

PS: I'm using Visual Studio Express 2013 for Windows Desktop

Recommended answer

It is not possible to hide a connection string on a machine. Any advice to the contrary is snake oil. Encryption will not help. All possible schemes you come up with will be (easily) defeated by a local administrator on the machine that runs your application. A local administrator will always have access to your local encryption keys, no matter how fancy you try to design your protection.

Deploying an application that connects to a public SQL Server using an embedded name and password is a doomed exercise in futility, no matter how you try to hide the name and password.

A better stance is to deploy an application that connects using a name and password entered by the user (a login dialog). Obviously each application user uses a different SQL user/password. But this also crumbles to pieces on any medium-sized deployment as the name/password maintenance for each user becomes impossible to manage.

A decent solution is to use integrated authentication, but that only works within a domain (i.e. a corporation). If your application is to be distributed within a domain (or a forest), i.e. in a corporation, then integrated authentication is the proper way to do it.

If you distribute your application to the public at large and your application needs to 'phone home' and connect to a SQL Server over the public internet, then you need to go back to the drawing board. It will never work, the security problem is impossible to solve. You'll have to change your application to connect to a service interface (REST, SOAP) and authenticate to it via your preferred authentication method (forms, OAuth). Needless to say, if you coded your app using direct SQL connectivity (EF, Linq, ADO.NET) it all goes down the drain and you have to start a new app from scratch.
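The two client-side options the answer describes, integrated authentication and a login dialog, shown as an added C# example that is not part of the original answer. The server name, database name, class name `Db` and the `RejectEmbeddedSecret` guard are assumptions made for illustration.

```csharp
using System;
using System.Data.SqlClient;
using System.Security;

static class Db
{
    // Hypothetical server and database names (assumptions for this example).
    static SqlConnectionStringBuilder Base()
    {
        return new SqlConnectionStringBuilder
        {
            DataSource = "sql01.corp.example",
            InitialCatalog = "AppDb",
            Encrypt = true
        };
    }

    // Integrated authentication: the process's Windows identity is used,
    // so no name or password exists in the binary or in app.config.
    public static SqlConnection OpenIntegrated()
    {
        var csb = Base();
        csb.IntegratedSecurity = true;
        var conn = new SqlConnection(csb.ConnectionString);
        conn.Open();
        return conn;
    }

    // Login-dialog variant: the user types a SQL login at run time.
    // SqlCredential needs a read-only SecureString and a connection string
    // that carries no User ID, Password or Integrated Security setting.
    public static SqlConnection OpenWithUserLogin(string userId, SecureString password)
    {
        password.MakeReadOnly();
        var conn = new SqlConnection(Base().ConnectionString,
                                     new SqlCredential(userId, password));
        conn.Open();
        return conn;
    }

    // Guard for startup or a build check: reject any configured connection
    // string that carries an embedded password.
    public static void RejectEmbeddedSecret(string connectionString)
    {
        var csb = new SqlConnectionStringBuilder(connectionString);
        if (!string.IsNullOrEmpty(csb.Password))
            throw new InvalidOperationException("Connection string embeds a password.");
    }
}
```

In both variants the database permissions are granted to the individual Windows account or SQL login, so nothing shipped with the application is worth extracting.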
