如何安全地存储数据库连接详细信息 [英] How to securely store database connection details

问题描述

在需要打开数据库连接的应用程序中，必须将用户名/密码详细信息发送到数据库。

In an application that needs to open a database connection, the username/password details must be sent to the database. What is the most secure way of storing, and using, this data?

推荐答案

确切的方法取决于环境，一般，您将凭据存储在只能由您的应用程序运行为的用户读取的位置。例如在Windows上，您将凭据存储在注册表中由ACL保护的位置，以便只有该用户可以读取它。或者，您可以使用DPAPI加密数据，以便进一步保护。在Unix中，您可以将它存储在受 chmod （可选加密）保护的文件中，以便只有应用程序可以读取它。

The exact method depends on the environment, but in general, you store the credentials in a location which is only readable by the user that your application is running as. For example on Windows you would store the credentials in the registry in a location protected by an ACL so that only that user could read it. Optionally, you could use the DPAPI to encrypt the data so it was further protected. In Unix, you would store it in a file that was protected with chmod (and optionally encrypted) so that only the app could read it.

这篇关于如何安全地存储数据库连接详细信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！