我在SL中有一个LOB应用程序,其中一个目标是保存部分输入的数据以保持用户的状态。 例如,您开始向系统中添加新员工,关闭浏览器(或崩溃),下次打开浏览器时,您拥有之前输入的任何数据。
保存和加载很容易,我想知道是否已经有了保护数据的最佳做法,考虑到加密和解密都发生在同一台机器和相同的代码上,它看起来有点棘手......
I have a LOB application in SL, one of the aims is to save partially entered data to persist user's state. for example, you start adding a new employee to system, close the browser (or it crashes), next time you open the browser, you have whatever data you had entered before.
the saving and loading is easy, I was wondering if there is already a best practice for securing the data, considering both encryption and decryption happen on the same machine and same code, it looks a bit tricky...
最满意答案
看起来最好的做法是加密数据:
http://msdn.microsoft.com/en-us/magazine/dd458794.aspx
你是对的,因为加密和解密发生在同一台机器上,一个确定的黑客可以获得数据,所以它绝对不会100%安全。 您可以在服务器上创建一个WCF服务,以执行加密或解密操作,以便在需要时分离两者。
It looks like the best practice is to encrypt the data:
http://msdn.microsoft.com/en-us/magazine/dd458794.aspx
You're right though, since the encryption and decryption happen on the same machine a determined hacker could get to the data, so it would never be 100% secure. You could create a WCF service on the server to perform encryption or decryption to separate the two if you want.
更多推荐
发布评论