问题描述
我们随相关的配置文件中的.NET应用程序。我们的顾问安装过程中创建配置文件。我们想使它很难为客户端篡改配置文件。
We ship a .NET application with an associated configuration file. Our consultants create the configuration file during installation. We'd like to make it hard for the client to tamper with the configuration file.
什么渠道我们有?
目前,我在想我们的私钥签名的配置文件,并验证其对公共密钥的应用程序启动时。然后我会躲在某处的EXE的公钥。
At the moment, I'm thinking about signing the configuration file with our private key and verifying it against the public key when the application starts. I'd then hide the public key in the EXE somewhere.
我怎么会去这样做?有没有更好的方式来做到这一点?
How might I go about doing this? Are there better ways to do this?
注:我的明白,这将没有prevent 确定的攻击者。我们正在寻求关闭掉一些最简单的路线和移动到所需的故意,而不是过失,侵权的努力。的
Note: I'm aware that this will not prevent a determined attacker. We're looking at closing off some of the easiest routes and moving the effort required into deliberate, rather than negligent, infringement.
推荐答案
这没有任何意义。要运送的配置文件。它用于配置应用程序。但你不希望它被改变?这样的话它不能被用来配置该应用程序。那么,为什么即使有一个配置文件麻烦?为什么不直接将其嵌入在应用程序本身?
This doesn't make any sense. You are shipping a configuration file. It's used for configuring the application. But you don't want it to be changed? So then it can't be used to configure the application. So, then why even bother with a configuration file? Why not just embed it as a resource in the application itself?
我在想什么?
编辑,为您的新的信息作出反应:
Edit, to respond to your new information:
使用 XMLDSIG 。 注册中的的app.config
。 验证的签名。
Use XMLDSIG. Sign the app.config
. Verify the signature.
这篇关于防篡改的.NET配置文件?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!