问题描述
我已经约 SecureString的
作为的MySQL连接器连接字符串一个一般性的问题。如果我的理解是正确的, SecureStrings
是安全的方式来存储我的程序中的字符串。现在我已经两个问题与:
I've a general question about a SecureString
as connection string for MySql-Connector. If i understood it right, SecureStrings
are a "safe" way to store strings within my program. Now i've two problems with that:
- 我在安装了密码读取(
文本框
是字符串
,因此不安全) - 我已经建立了使用mysql-connector连接字符串这是
字符串
(不安全再次)
- I've to read in the password at installation (
TextBox
which isstring
and therefore unsafe) - I've to build a connection string for the MySQL-Connector which is
string
(unsafe again)
例如:
MySqlConnection con = new MySqlConnection();
MySqlConnectionStringBuilder builder = new MySqlConnectionStringBuilder();
builder.Add("SERVER", "loaclhost");
builder.Add("PORT", "3306");
builder.Add("DATABASE", "test_db");
builder.Add("UID", "root");
builder.Add("PASSWORD", "11235813"); //not the real password ;)
con.ConnectionString = builder.ConnectionString;
con.Open();
这让我想起我的下一个问题:使用mysql-connector API是不安全,因为所有的值保存为纯文本字符串
最后一个问题:有没有使用任何意义 SecureString的
?
Final question: Is there any sense of using SecureString
?
在我看来,我可以使用字符串
到处都在我的计划。如果涉及到MySQL中的所有类型的加密(我PROGRAMM内)将是无用的。
In my opinion i could use string
everywhere in my program. If it comes to MySQL all kind of encryption (within my programm) will be useless.
我说的对与看法?是否有其他方法吗?
Am i right with that opinion ? Are there any other ways ?
最好的问候
亚历
best regardsAlex
推荐答案
有其他的方法来做到这一点。这取决于你认为你的连接字符串和什么类型的他们将有机会和技能水平的后谁正在添加。连接字符串就在那里,什么地方,无论你如何试图掩盖它。
There are other ways to do it. It depends on who you think is comming after your connection string and what type of access and skill levels they are going to have. The connection string is in there, somewhere, no matter how you try to hide it.
知道连接字符串可能被黑客攻破,我一直认为它会被砍死并采取在另一端的注意事项。
Knowing that the connection string could be hacked, I always assume that it will be hacked and take precautions on the other end.
我们做的数据库服务器结束几件事情,以确保即使在连接字符串comprimized数据仍然是安全的。
We do several things on the DB server end to make sure that even if the connection string is comprimized the data is still secure.
- 是accociated与连接字符串的用户在服务器上的几乎为零的权限。他们唯一的权限执行并控制对包含存储过程的架构。
- 的前端具有的唯一途径是通过存储过程。我们决不允许前端发送的SQL字符串。
- 数据被保存在一个单独的架构比execuatables,在数据模式的连接字符串相关联的数用户具有零权限,他们不能看它,闻到它或触摸它。
- 的存储过程的权限委派到具有足够的权限来执行PROC没有登录用户。 (WITH EXECUTE AS'不登陆用户')
- The user that is accociated with the connection string has virtually zero permissions on the server. The only permissions they have are EXECUTE and CONTROL on the SCHEMA that contains the Stored Procedures.
- The only access that the front end has is through stored procedures. We never allow the front end to send up SQL Strings.
- The data is kept in a seperate schema than the execuatables, in the DATA schema the user asssociated with the connection string has ZERO permissions, they cant look at it, smell it or touch it.
- The stored procedures delegate permissions to no-login user that has enough permissions to execute the proc. (WITH EXECUTE AS 'no-login User')
这是关于我们所能做的。我们还没有找到一种方法,以防止以某种方式某处被暴露的连接字符串。
This is about all we can do. We have not found a way to prevent the connection string from being exposed in some manner somewhere.
在回答这个问题亚历克斯下面问。 (太长评论)
In reply to the question that Alex asked below. (too long for a comment)
请注意。以下是MS SQL服务器,它可能适用于其他DBMS系统,但我不能担保任何其他人。
Note. The following is for MS SQL Server, it may apply to other DBMS systems but I cant vouch for any others.
一个数据库包含架构,架构包含数据库对象,如表,视图,存储过程。该schmea允许你围出的数据库对象,例如,如果你有一组表,任何人都被允许看到的,然后他们可以到成一个共同的模式,如果你有工资inforamtion,你需要确保你可以把这成为一个工资架构。然后,您可以把基于是其中的内部对象类型的模式不同的安全措施。 Graphicaly他们看起来像文件夹在硬盘上,并根据他们都是数据库对象,它们包含的。当你启动你的服务器,但是也有一些automaticaly创建多个架构。一个你最熟悉的将是DBO schmea。如果您的管理员已经设置了为默认模式,你可能不知道这一点。
A Database contains Schema, the Schema contain Database Objects such as tables, views, stored procedures. The schmea allows you to fence off data base objects, for instance, if you had a group of tables that anyone was allowed to see, then they could to into a COMMON schema, if you had payroll inforamtion that you needed to secure you could put that into a PAYROLL schema. You can then put different security measures on the SCHEMA based on the type of objects that are inside of them. Graphicaly they look like folders on a hard drive and under them are all of the database object that they contain. When you fire up your server, there are several schema that are automaticaly created. The one that you are most familiar with would be the DBO schmea. You might not be aware of it if your admin has set that up as your default schema.
我们做的是所有的数据放到一个数据schmea,这就是说,只有表是允许的。存储过程,如果我们有一个工资数据库,然后将数据表将进入一个名为dataPayroll架构。
What we do is to place all of the data into a DATA schmea, this means that only tables are allowed. So if we had a payroll database then the data tables would go into a schema called dataPayroll.
一个是块,或SQL代码数据库服务器块当叫上可以运行。它可以返回的数据的表,或一个单一的值。把它看成是在C#中的方法。
A Stored Procedure is a block, or blocks of SQL code that the Database server can run when called on. It can return a Table of data, or a single value. Think of it as a method in C#.
存储过程有输入,并返回在SQL代码中使用的参数。 Paramatarized存储过程是对SQL注入攻击强大的防御。
Stored procedures have input, and return parameters that are used in the SQL code. Paramatarized Stored Procedures are a strong defense against SQL Injection attacks.
我们的protocal说,存储过程和视图都存储在'PROG'开头的模式。所以在工资单数据库中的所有不属于数据的对象都是progPayroll架构内的情况。
Our protocal says that the Stored Procedures and Views are all stored in a schema preceded by ‘prog’. So in the case of the payroll database all of the objects that aren’t data are inside the progPayroll schema.
这是由连接字符串中定义的用户则只有控制及对前卫的架构执行权限。这使他们能够调用存储过程。这是由连接字符串中定义的用户会被拒绝其他所有权限。该用户还否认了所有权限,其他任何地方。在存储过程中,访问数据的权限委托给有权限使用EXECUTE AS命令从数据模式检索数据没有登录的用户。
The user that is defined by the Connection string then only has Control and Execute permissions on the ‘prog’ Schema. This allows them to call the Stored Procedure. The user that is defined by the Connection string is denied all other permissions. This user is also denied ALL permissions everywhere else. In the Stored procedure, the permission to access the data is delegated to a NO LOGIN user that has permission to retrieve the data from the ‘data’ schema using the EXECUTE AS command.
有是在前端没有SQL。所有前端程序员都知道是什么的存储过程的名称是,参数和返回类型和值。
There is NO sql in the front end. All the front end programmers know is what the name of the stored procedures are, the parameters and the return types and values.
这样,即使攻击者设法逗从你的程序的连接字符串,他们仍然有很多工作要做,以便能够做任何事情,因为他们有只能执行一个存储过程的用户数据库。
This way, even if the attacker manages to tease out the connection string from your program, they still have a lot of work to do to be able to do anything to your database since the user that they have can only execute a Stored Procedure.
如果您不知道任何这东西,那么你真的需要得到一个DB程序员可以将系统设置为你。
If you have no idea what any of this stuff is then you really need to get a DB programmer to set your system up for you.
这篇关于MySQL的SecureString的作为连接字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!