Problem description
I'm trying to release software I wrote to multiple computers in several different locations. The program itself is a Windows Forms application. To install it I added a setup project, which also works perfectly fine. All files get copied to the right folders and the choices the user can make during the installation work without a flaw. But:
The only problem is that the config file, which contains sensitive data such as the SQL connection string, also gets copied / installed on the target computer.
Is there a way to store this data in the application so that it is unreadable for the user? I thought about just writing it in a class since the application gets obfuscated, but I'm not sure if this is secure enough and if this really is the way to go...
Any help is appreciated!
Recommended answer
You might cryptographically secure the sensitive file with a private key embedded in the code itself with an obfuscation scheme. This is better than embedding all sensitive config data in code, since you would not need to rebuild-test-release your application when only your config changes.
Theoretically, if an application running in user mode can in any way access the plain sensitive data, so can the user (de-obfuscation, memory dump, etc.). Since all information needed to generate or decipher the sensitive data is present offline (code, disk, memory), someone with enough skill can determine the decryption scheme by examining the code (even the machine code).
Think of an application as a user with rapid calculation and massive memory skills, so it can de-obfuscate your code on the fly and do the needed calculations to decrypt the "safe" data.
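The scheme from the answer, as an added example that is not code from the original post: the config value is shipped encrypted and authenticated under a key compiled into the assembly. The class name, the demo key and the connection string are constructed for illustration; as the answer points out, everyone who has the binary also has the key, so this only keeps the value out of casual view.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
static class ProtectedConfig
{
    // Constructed demo key (assumption): in the answer's scheme it ships inside the obfuscated assembly.
    static readonly byte[] EmbeddedKey = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
    static byte[] Subkey(string label)   // separate keys for encryption and for the MAC
    {
        using (var h = new HMACSHA256(EmbeddedKey)) return h.ComputeHash(Encoding.ASCII.GetBytes(label));
    }

    // Output layout: IV (16 bytes) || AES-256-CBC ciphertext || HMAC-SHA256 tag (32 bytes).
    public static byte[] Protect(string plaintext)
    {
        using (var aes = Aes.Create())
        using (var mac = new HMACSHA256(Subkey("mac")))
        {
            aes.Key = Subkey("enc");   // CBC mode and PKCS7 padding are the Aes defaults
            aes.GenerateIV();
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (var enc = aes.CreateEncryptor())
            {
                byte[] body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
                return body.Concat(mac.ComputeHash(body)).ToArray();
            }
        }
    }

    public static string Unprotect(byte[] blob)
    {
        if (blob.Length < 64) throw new CryptographicException("Blob too short");
        byte[] body = blob.Take(blob.Length - 32).ToArray();
        using (var mac = new HMACSHA256(Subkey("mac")))
        {
            byte[] expected = mac.ComputeHash(body);
            int diff = 0;   // compare the whole tag without an early exit
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[body.Length + i];
            if (diff != 0) throw new CryptographicException("Config blob was modified");
        }
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(Subkey("enc"), body.Take(16).ToArray()))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, body.Length - 16));
    }
    static void Main() =>   // constructed sample value, round-tripped through Protect/Unprotect
        Console.WriteLine(Unprotect(Protect("Server=db.example.invalid;Database=App;Integrated Security=true")));
}
```

Only the config blob changes when the settings change, which is the rebuild-free property the answer mentions; the plaintext still exists in process memory once `Unprotect` returns.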