英文:
Go - password security in binary
问题
我打算在我的Go应用程序中保存一个密码/密钥,以便与其他应用程序进行通信。我想知道如何保护它,例如防止某人获取二进制文件并在某个十六进制查看器中搜索它。这样的安全实践是否常见,还是我太过担心了?
英文:
I intend to save a password/secret key in my Go application to be used in communication with some other applications. I wonder how to secure it from for example someone obtaining the binary and searching for it in some hex viewer. Are such security practices common, or am I worrying too much?
答案1
得分: 14
简洁地说:
不要这样做!
这样做不安全,会被破解。而且,如果每个人都使用相同的密码,那么当有人的密码被破解一次时,所有人的密码都会永久被破解。
英文:
Succinctly:
Don't!
It won't be secure; it will be broken. Further, if everyone is using the same password, then when it is broken once for one person, it is broken for all time for everyone.
答案2
得分: 4
混淆数据和/或代码。这意味着将密码存储在一个相对难以搜索的形式中,如果找到其位置,密码也相对难以解密。
如果没有足够安全的混淆方法(您希望完全安全),唯一的解决方案是不以任何形式将密码放入可执行文件中。
英文:
Obfuscate the data and/or code. This means to store the password in a form that is reasonably difficult to search for, and if its location is found the password is reasonably difficult to decipher.
In case no obfuscation method is secure enough (you want full security), the only solution is not to put the password into the executable in any form.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论