如何存储我的SQLite Cipher数据库的密码?

huangapple go评论63阅读模式
英文:

How to store the password of my SQLite Cipher database?

问题

在我的C#项目中,我需要使用SQLite Cipher来存储一些数据。但是数据库的密码也存在一个问题:要将密码存储在哪里。

我的应用程序应该能够在离线情况下工作(与任何服务器断开连接)。这意味着密码必须保存在某个加密文件或源代码中。

如果密码保存在加密文件中,那么下一个问题是要将加密文件的密码保存在哪里...

我的公司对软件安全有严格要求,例如不能硬编码密码等。

有什么建议吗?

英文:

In my C# project, I need to use SQLite Cipher to store some data. While the password of the database also meets the problem: where to store it.

My application should be able to work when it is offline (disconnected from any server). So that means the password must be saved in either some encrypted file or in source code.

If the password is saved in a encrypted file, then the next problem is where to save the encrypted file's password...

My company has strict requirements for software security, e.g. cannot hardcode password, etc.

Any advise?

答案1

得分: 1

这是一个没有完美解决方案的经典问题,只有"相对较好"的解决方案。

通常,主密码存储在只有机器的根帐户或启动过程可以访问的文件/位置中。

根/启动帐户读取密码,然后以较低特权进程的形式启动应用程序,该进程无法访问密码文件,并提供密码。

我的公司对软件安全有严格要求,例如不能硬编码密码等。

如何实施这一要求取决于您公司的具体标准。完全有可能他们不允许在任何地方存储密码,而需要在启动时由人工输入凭据。

这并不常见,但在一些非常高风险的情况下会这样做。

我建议不要猜测,而是建议询问他们当前的软件是如何实现这些要求的,然后按照他们当前的做法来操作。

即使看起来正确,安全和加密很容易做得很糟糕。

英文:

This is a classic problem with no perfect solution, only "less bad" solutions.

Typically, the master password is stored in a file/location that only the machine's root account or startup process has access to.

The root/startup account reads the password, then starts the application as a lower privilege process that doesn't have access to the password file, and gives it the password.

> My company has strict requirements for software security, e.g. cannot hardcode password, etc.

How you implement this depends on your company's specific standards. It's entirely possible that they don't allow storing it anywhere and that a human would need to input the credentials at startup.

This isn't common, but is done in some very high risk situation.

Instead of guessing, I would suggest asking how their current software implements these requirements and doing whatever they currently do.

Security and encryption is very easy to do badly even if it looks correct.

huangapple
  • 本文由 发表于 2023年2月7日 01:35:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/75364702.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定