如何在Delphi中增加内存安全? [英] How can I increase memory security in Delphi?
问题描述
是否可以在Delphi中擦除字符串?让我解释一下:
Is it possible to "wipe" strings in Delphi? Let me explain:
我正在编写一个包含一个DLL来授权用户的应用程序。它将读取加密的文件到XML DOM中,使用该信息,然后释放DOM。
I am writing an application that will include a DLL to authorise users. It will read an encrypted file into an XML DOM, use the information there, and then release the DOM.
很明显,未加密的XML仍然位于内存中的DLL,因此容易受到检查。现在,我不会去保护这个 - 用户可以创建另一个DLL - 但我想采取一个基本的步骤,以防止用户名记忆中的年龄。但是,由于引用,我不认为我可以轻松擦拭内存。如果我遍历了我的DOM(这是一个TNativeXML类),并找到每个字符串实例,然后将其变成类似aaaaa的东西,那么它实际上并不会将新的字符串指针指定给DOM引用,然后将旧的字符串置于在记忆中等待重新分配?有没有办法确定我是唯一的和原始的副本?
It is obvious that the unencrypted XML is still sitting in the memory of the DLL, and therefore vulnerable to examination. Now, I'm not going to go overboard in protecting this - the user could create another DLL - but I'd like to take a basic step to preventing user names from sitting in memory for ages. However, I don't think I can easily wipe the memory anyway because of references. If I traverse my DOM (which is a TNativeXML class) and find every string instance and then make it into something like "aaaaa", then will it not actually assign the new string pointer to the DOM reference, and then leave the old string sitting there in memory awaiting re-allocation? Is there a way to be sure I am killing the only and original copy?
还是在D2007有一种方法来告诉它从堆中擦除所有未使用的内存?所以我可以释放DOM,然后告诉它擦拭。
Or is there in D2007 a means to tell it to wipe all unused memory from the heap? So I could release the DOM, and then tell it to wipe.
或者我应该继续下一个任务,忘记这一点,因为这真的不值得打扰。
Or should I just get on with my next task and forget this because it is really not worth bothering.
推荐答案
我不认为这是值得打扰的,因为如果用户可以使用DLL读取进程的内存,同一用户也可以在任何给定的时间点停止执行时间。在内存被擦除之前停止执行仍然会使用户完全访问未加密的数据。
I don't think it is worth bothering with, because if a user can read the memory of the process using the DLL, the same user can also halt the execution at any given point in time. Halting the execution before the memory is wiped will still give the user full access to the unencrypted data.
IMO任何对用户充满兴趣并能够做的描述的用户将不会严重不便于您的DLL擦拭内存。
IMO any user sufficiently interested and able to do what you describe will not be seriously inconvenienced by your DLL wiping the memory.
这篇关于如何在Delphi中增加内存安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
