如何在 C# 应用程序中安全地存储数据库登录名和密码?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/11685206/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I safely store database login and password in a C# application?
提问by Alexandru Pupsa
I have a C# application that needs to connect to an SQL database to send some data from time to time. How can I safely store the username and password used for this job?
我有一个 C# 应用程序,它需要连接到 SQL 数据库以不时发送一些数据。如何安全地存储用于此作业的用户名和密码?
采纳答案by ken2k
There is a nice MSDN articleabout how to secure connection strings in .Net.
有一篇很好的 MSDN 文章关于如何保护 .Net 中的连接字符串。
You might want to use protected configuration.
您可能想要使用受保护的配置。
回答by Shamim Hafiz
Not sure about your exact requirements, but first and foremost, you have to encrypt the password. Also, when transmitting such sensitive information, consider using a secured connection.
不确定您的确切要求,但首先,您必须加密密码。此外,在传输此类敏感信息时,请考虑使用安全连接。
回答by Robin Maben
Store an encrypted version in your connection string and form the connection string programmatically after decrypting the password.
将加密版本存储在您的连接字符串中,并在解密密码后以编程方式形成连接字符串。
You could use any encryption mechanism of your choice - from trivial to complex.
您可以使用您选择的任何加密机制 - 从简单到复杂。
回答by Tim Medora
Use integrated Windows authentication whenever possible. It takes the onus off of your application and lets Windows handle it. Using Windows authentication instead of SQL authentication is considered a best practice.
尽可能使用集成的 Windows 身份验证。它减轻了您的应用程序的责任,并让 Windows 处理它。使用 Windows 身份验证而不是 SQL 身份验证被认为是最佳实践。
Read this accepted answer: the best way to connect sql server (Windows authentication vs SQL Server authentication) for asp.net app
阅读此已接受的答案:为 asp.net 应用程序连接 sql server(Windows 身份验证与 SQL Server 身份验证)的最佳方法
另见:http: //www.mssqltips.com/sqlservertip/1831/using-windows-groups-for-sql-server-logins-as-a-best-practice/
And: http://www.greensql.com/content/sql-server-security-best-practices
和:http: //www.greensql.com/content/sql-server-security-best-practices
Incidentally, if this is a "job" as implied by the question, it may be a great candidate for a simple Windows service or scheduled task, both of which can run in a specific security context (i.e. as a specific Windows user).
顺便说一句,如果这是问题所暗示的“工作”,它可能是简单 Windows 服务或计划任务的绝佳候选者,这两者都可以在特定的安全上下文中运行(即作为特定的 Windows 用户)。
回答by JohnnBlade
in your app.config or web.config and then you encrypt them using the .net encryption provider
在您的 app.config 或 web.config 中,然后使用 .net 加密提供程序对它们进行加密
for more info check here http://msdn.microsoft.com/en-us/library/dx0f3cf2%28v=vs.80%29.aspx
有关更多信息,请在此处查看 http://msdn.microsoft.com/en-us/library/dx0f3cf2%28v=vs.80%29.aspx
Encrypting Configuration Information Using Protected Configuration
使用受保护的配置加密配置信息
http://msdn.microsoft.com/en-us/library/53tyfkaw%28v=vs.80%29.aspx
http://msdn.microsoft.com/en-us/library/53tyfkaw%28v=vs.80%29.aspx
回答by Satinder singh
Codeto Convert stirng into md5
将搅拌转换为 md5 的代码
using System.Text;
using System.Security.Cryptography;
public static string ConvertStringtoMD5(string strword)
{
MD5 md5 = MD5.Create();
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(strword);
byte[] hash = md5.ComputeHash(inputBytes);
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hash.Length; i++)
{
sb.Append(hash[i].ToString("x2"));
}
return sb.ToString();
}
回答by Shane.C
You may want to look at the RijndaelManaged key, which is quite a secure symmetric encryption key. A good article on this information (and tutorial) can be found here;
您可能想查看 RijndaelManaged 密钥,它是一个非常安全的对称加密密钥。可以在此处找到有关此信息(和教程)的好文章;
回答by user1102001
you can use encryption and dyscryption algorithm for passwords and log your user information by who created user and what datetime it created and save this in database. and even if someone update or edit log that information in database.
您可以对密码使用加密和解密算法,并按创建用户的用户和创建日期时间记录您的用户信息,并将其保存在数据库中。即使有人在数据库中更新或编辑了该信息。
