是不是访问私有字段和属性由于反射安全问题? [英] Isn't accessing private fields and properties due to reflection a security issue?
问题描述
我刚刚发现了这里,有可能(至少在C#)来查找私人领域,由于反射属性。
我惊讶于,allthough我知道,不知怎的,构造像datacontract串行器需要能够访问它们。
现在的问题是,如果任何人都可以在我的班级访问每一个领域,这是一种不安全的。难道不是吗?我的意思是,如果有人有一个私人布尔_isLicensed 字段。
后来我发现的这里的EM>字段访问的他们的目的不是<作为一个安全机制。
那么,如何让我的应用程序保存,这意味着我怎么防止别人比我改变我的类中必不可少的状态值?
现在的问题是,如果任何人都可以在我的班级访问每一个领域,这是一种不安全的。
不是每个人都可以。只有代码具有足够的权限 - 信任的代码。不可信的代码被限制了不少。在另一方面,如果谁想要使用反射的人有您的程序集,还可以跑相信自己的机器上的代码。这不是一个新的攻击向量不过,好像他们已经得到了你的代码,他们可以的也的修改,以使在首位的业界人士。
基本上,如果代码是他们的机器上运行,你应该期望他们能够用它做几乎任何东西。不要依赖于访问修饰符保持什么秘密。
那么,如何让我的应用程序保存,这意味着我怎么防止别人比我改变我的类中必不可少的状态值?
如果敌对用户运行的是你的代码本身,你几乎不能。你可以让他们更难,但这是一场军备竞赛是没有乐趣。
因此,在一个选项的部分的情况下,是不是让其他人遇到你的代码 - 承载它你锁定的环境在网络上。这是不恰当的在所有情况下,当然。
如果您的有无的让用户运行的代码本身,你需要权衡的缺点他们的篡改使得该篡改困难的费用。我们真的不能帮你平衡的行为 - 我们没有任何想法,你的应用是什么,或者什么所涉及的费用(声誉,财务等)
I just recently found out here that it is possible (at least in c#) to lookup private fields and properties due to reflection.
I was surprized, allthough i knew that somehow constructs like the datacontract serializer need the possibility to access them.
The question now is, if anyone may access every field in my classes, this is kind of insecure. Isn't it? I mean what if someone has a
private bool _isLicensedField. It would be changed easiliy!Later I found out here that the field accessors they are not meant as a security mechanism.
So how do I make my Application save, means how do I prevent anyone else than me changing essential status values inside my classes?
解决方案The question now is, if anyone may access every field in my classes, this is kind of insecure.
Not everyone can. Only code with sufficient permissions - trusted code. Untrusted code is restricted quite a bit. On the other hand, if the person who wants to use reflection has your assembly, they can run trusted code on their own machine. That's not a new attack vector though, as if they've got your code they could also modify it to make the field public in the first place.
Basically, if code is running on their machine, you should expect them to be able to do pretty much anything with it. Don't rely on access modifiers to keep anything secret.
So how do I make my Application save, means how do I prevent anyone else than me changing essential status values inside my classes?
If the hostile user is running your code themselves, you pretty much can't. You can make it harder for them, but that's an arms race which is no fun.
So one option in some cases is not to let anyone else run your code - host it on the web in an environment you've locked down. That's not appropriate in all cases, of course.
If you have to let users run the code themselves, you need to weigh up the downsides of them tampering with the costs of making that tampering difficult. We can't really help you with that balancing act - we don't have any idea what your application is, or what the costs involved are (reputational, financial etc).
这篇关于是不是访问私有字段和属性由于反射安全问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
