Cache password for SQL Server connection as a hash


Problem description

I'm writing a .NET 4.0 application that requires access to a SQL Server (v10.50.1600) database on the intranet. The database does not support integrated security/SSPI logins, only user/password logins. The best I've managed so far is:

SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder()
{
   DataSource = Settings.SQLHostName,
   Encrypt = true,
   TrustServerCertificate = true,
   UserID = Settings.SQLUser,
   Password = "xxx",
   InitialCatalog = "xxx"
};

However, this requires that I store and manipulate a plain-text password locally, something that I want to avoid.

Is there a way to give ADO, LINQ, or the Entity Framework, etc. a password hash instead of a password to connect to a SQL Server?

Whereas encrypted storage for connection strings is better than nothing, it eventually needs to be decrypted before use. Since the rationale behind not having a bindable content property on WPF password boxes is apparently that keeping plaintext passwords in memory is a bad idea, any sort of connection string decryption before use sounds ill-advised.

The ideal alternative would be understanding how SQL server stores and transmits its password digests; applying the same digest algorithm locally; and then sending the digest instead of the plaintext password. Unfortunately, it seems that the TDS7 password encoding described in part here:

http://dbaspot.com/ms-sqlserver/210567-tds7-8-login-packets.html

seems to not use any digest algorithm at all. So I'm probably stuck with podiluska's answer below.

Recommended answer

You can encrypt a connection string in the app.config.

http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

http://msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.100).aspx

However, given this is an intranet application, I would recommend finding out why Integrated Security is not enabled.
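
The approach from the answer above, as an added example that is not part of the original answer: encrypt the `<connectionStrings>` section of app.config with the .NET protected-configuration API, then read it back when opening the connection. The entry name `IntranetDb` and the class name are hypothetical; the project needs a reference to System.Configuration.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;

static class ProtectedConnection
{
    // Hypothetical name of the <connectionStrings> entry in app.config.
    const string EntryName = "IntranetDb";

    // Encrypts the <connectionStrings> section of the exe's config file in place.
    // DataProtectionConfigurationProvider uses DPAPI, so the ciphertext can only
    // be decrypted on the machine that encrypted it: run this once per machine.
    public static void EnsureProtected()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No <connectionStrings> section found.");

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
            ConfigurationManager.RefreshSection("connectionStrings");
        }
    }

    // Reads the entry (decrypted transparently by the configuration system)
    // and opens the connection. The plaintext still exists in process memory
    // at this point, which is the limitation raised in the question.
    public static SqlConnection Open()
    {
        ConnectionStringSettings entry = ConfigurationManager.ConnectionStrings[EntryName];
        if (entry == null)
            throw new ConfigurationErrorsException("Missing connection string: " + EntryName);

        var builder = new SqlConnectionStringBuilder(entry.ConnectionString)
        {
            Encrypt = true   // keep the login exchange under TLS
        };
        var connection = new SqlConnection(builder.ConnectionString);
        connection.Open();
        return connection;
    }
}
```

This protects the password at rest in the config file only; with the provider's default machine-level DPAPI key, other processes on the same machine can also decrypt the section.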
