  • Connection对象连接加密2

    一般情况下,大多数人习惯于将数据库连接写在web.config里面,理论上讲,将明文存放在该文件里面是安全的,因为web.config文件是不允许被客户端下载,但一旦该文件泄漏出去,哪怕是很短的时间,数据库都将承受巨大的危害,可能花上N年才充实起来的信息在很短时间里毁于一旦。这是任何程序绝对不应该出现的问题。有人用简单的对称加密来将数据库连接字符串的密文存放,但密钥一旦丢失,加密与否,形同虚设,那么如何保证连接字符串的安全性呢。下面这个类就完成这个功能,该类调用系统API,在不同的系统中对相同的连接串会生成不同的密文,即使非法获得该串,不能获得在服务器上的管理员权限,仍然没有能力知道数据库的真正所在。有人说,那服务器管理员权限也被盗用了呢?那盗用者还需要经过一系列复杂的跟踪和总结,来获得系统标识变量。这无疑又是一个难度,等到他真正破解该系统的时候,也许你早就在此之前,改正了服务器的配置和密码,还害得人家白忙活了一趟。够阴的!

    using System;
    using System.ComponentModel;
    using System.Runtime.InteropServices;
    using System.Security.Cryptography;
    using System.Text;
     
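    namespace JillZhang.Security
    {
        /// <summary>
        /// Selects which DPAPI key the protected data is bound to.
        /// </summary>
        public enum Store
        {
            /// <summary>
            /// Machine-wide key (mapped to CRYPTPROTECT_LOCAL_MACHINE). Any account on the
            /// same machine can unprotect such data, so the optional entropy is the only
            /// caller-controlled secret. (Member name keeps the original "NACHINE" spelling
            /// because callers already compile against it.)
            /// </summary>
            USE_NACHINE_STORE = 1,
            /// <summary>
            /// Per-user key: the data is bound to the Windows account that protected it.
            /// </summary>
            USE_USER_STORE
        };

        /// <summary>
        /// Thin wrapper over the Windows Data Protection API (Crypt32 CryptProtectData /
        /// CryptUnprotectData). Windows-only: it P/Invokes Crypt32.dll and kernel32.dll.
        /// The ciphertext is bound to the machine key or to the calling user's key,
        /// depending on the <see cref="Store"/> passed to the constructor, so it cannot be
        /// unprotected on another machine (or by another account, for the user store).
        /// Every unmanaged buffer is released in a finally block; plaintext and entropy
        /// buffers are zeroed before release. The managed byte[] returned by Decrypt is
        /// the caller's responsibility to clear once the secret is no longer needed.
        /// </summary>
        public class DataProtector
        {
            [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
            private static extern bool CryptProtectData(
                ref DATA_BLOB pDataIn,
                String szDataDescr,
                ref DATA_BLOB pOptionalEntropy,
                IntPtr pvReserved,
                ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
                int dwFlags,
                ref DATA_BLOB pDataOut);

            // The second parameter is really an optional LPWSTR* out-parameter; this
            // wrapper always passes null, meaning "do not return the description".
            [DllImport("Crypt32.dll", SetLastError = true, CharSet = CharSet.Auto)]
            private static extern bool CryptUnprotectData(
                ref DATA_BLOB pDataIn,
                String ppszDataDescr,
                ref DATA_BLOB pOptionalEntropy,
                IntPtr pvReserved,
                ref CRYPTPROTECT_PROMPTSTRUCT pPromptStruct,
                int dwFlags,
                ref DATA_BLOB pDataOut);

            // DPAPI allocates pDataOut.pbData with LocalAlloc; it must be released with
            // LocalFree, not Marshal.FreeHGlobal.
            [DllImport("kernel32.dll", SetLastError = true)]
            private static extern IntPtr LocalFree(IntPtr hMem);

            [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
            internal struct DATA_BLOB
            {
                public int cbData;
                public IntPtr pbData;
            }

            [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
            internal struct CRYPTPROTECT_PROMPTSTRUCT
            {
                public int cbSize;
                public int dwPromptFlags;
                public IntPtr hwndApp;
                public String szPrompt;
            }

            // Never show a UI prompt: this class is meant for unattended server code.
            private const int CRYPTPROTECT_UI_FORBIDDEN = 0x1;
            // Bind to the machine key instead of the calling user's key.
            private const int CRYPTPROTECT_LOCAL_MACHINE = 0x4;

            private Store store;

            /// <summary>
            /// Creates a protector bound to the given store.
            /// </summary>
            /// <param name="tempStore">Machine store or user store; must match on both the
            /// protecting and the unprotecting side.</param>
            public DataProtector(Store tempStore)
            {
                store = tempStore;
            }

            /// <summary>
            /// Protects <paramref name="plainText"/> with DPAPI.
            /// </summary>
            /// <param name="plainText">Bytes to protect.</param>
            /// <param name="optionalEntropy">Extra secret mixed into the protection. Only
            /// applied for <see cref="Store.USE_NACHINE_STORE"/> (for the user store it is
            /// ignored, matching the original behaviour so existing ciphertexts stay
            /// decryptable); null is treated as empty. The same value must be passed to
            /// <see cref="Decrypt"/>.</param>
            /// <returns>The DPAPI blob; safe to persist (e.g. in configuration).</returns>
            /// <exception cref="ArgumentNullException"><paramref name="plainText"/> is null.</exception>
            /// <exception cref="CryptographicException">CryptProtectData failed; the inner
            /// <see cref="Win32Exception"/> carries the Win32 error code.</exception>
            public byte[] Encrypt(byte[] plainText, byte[] optionalEntropy)
            {
                if (plainText == null)
                {
                    throw new ArgumentNullException("plainText");
                }
                DATA_BLOB plainTextBlob = new DATA_BLOB();
                DATA_BLOB entropyBlob = new DATA_BLOB();
                DATA_BLOB cipherTextBlob = new DATA_BLOB();
                CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
                InitPromptstruct(ref prompt);
                try
                {
                    plainTextBlob = CopyToUnmanaged(plainText);
                    int dwFlags = PrepareCall(optionalEntropy, ref entropyBlob);
                    bool ok = CryptProtectData(ref plainTextBlob, "", ref entropyBlob, IntPtr.Zero, ref prompt, dwFlags, ref cipherTextBlob);
                    if (!ok)
                    {
                        // GetLastWin32Error must be read before any other P/Invoke.
                        throw NewCryptoException("Encryption failed.", Marshal.GetLastWin32Error());
                    }
                    return CopyFromUnmanaged(cipherTextBlob);
                }
                finally
                {
                    // Released on every path (the original leaked all three on success
                    // and on failure).
                    FreeHGlobalBlob(ref plainTextBlob);
                    FreeHGlobalBlob(ref entropyBlob);
                    FreeLocalBlob(ref cipherTextBlob);
                }
            }

            /// <summary>
            /// Unprotects a blob produced by <see cref="Encrypt"/> on this machine (and, for
            /// the user store, by this account).
            /// </summary>
            /// <param name="ciperText">The DPAPI blob.</param>
            /// <param name="optionalEntropy">Must equal the entropy given to
            /// <see cref="Encrypt"/>; ignored for the user store; null is treated as empty.</param>
            /// <returns>The original plaintext bytes.</returns>
            /// <exception cref="ArgumentNullException"><paramref name="ciperText"/> is null.</exception>
            /// <exception cref="CryptographicException">CryptUnprotectData failed (wrong
            /// machine/account, wrong entropy, or tampered blob); the inner
            /// <see cref="Win32Exception"/> carries the Win32 error code.</exception>
            public byte[] Decrypt(byte[] ciperText, byte[] optionalEntropy)
            {
                if (ciperText == null)
                {
                    throw new ArgumentNullException("ciperText");
                }
                DATA_BLOB cipherBlob = new DATA_BLOB();
                DATA_BLOB entropyBlob = new DATA_BLOB();
                DATA_BLOB plainTextBlob = new DATA_BLOB();
                CRYPTPROTECT_PROMPTSTRUCT prompt = new CRYPTPROTECT_PROMPTSTRUCT();
                InitPromptstruct(ref prompt);
                try
                {
                    cipherBlob = CopyToUnmanaged(ciperText);
                    int dwFlags = PrepareCall(optionalEntropy, ref entropyBlob);
                    bool ok = CryptUnprotectData(ref cipherBlob, null, ref entropyBlob, IntPtr.Zero, ref prompt, dwFlags, ref plainTextBlob);
                    if (!ok)
                    {
                        throw NewCryptoException("Decryption failed.", Marshal.GetLastWin32Error());
                    }
                    return CopyFromUnmanaged(plainTextBlob);
                }
                finally
                {
                    // The original freed the input buffers only on the success path and
                    // never released the DPAPI-allocated plaintext buffer.
                    FreeHGlobalBlob(ref cipherBlob);
                    FreeHGlobalBlob(ref entropyBlob);
                    FreeLocalBlob(ref plainTextBlob);
                }
            }

            /// <summary>
            /// Chooses the DPAPI flags for the configured store and, for the machine store,
            /// marshals the caller's entropy into <paramref name="entropyBlob"/>.
            /// </summary>
            private int PrepareCall(byte[] optionalEntropy, ref DATA_BLOB entropyBlob)
            {
                if (store != Store.USE_NACHINE_STORE)
                {
                    // User store: protection is bound to the calling account; the entropy
                    // parameter is deliberately left unused here, as in the original code.
                    return CRYPTPROTECT_UI_FORBIDDEN;
                }
                if (optionalEntropy == null)
                {
                    optionalEntropy = new byte[0];
                }
                entropyBlob = CopyToUnmanaged(optionalEntropy);
                return CRYPTPROTECT_LOCAL_MACHINE | CRYPTPROTECT_UI_FORBIDDEN;
            }

            /// <summary>
            /// Copies a managed array into a freshly allocated HGlobal buffer.
            /// Release the result with <see cref="FreeHGlobalBlob"/>.
            /// </summary>
            private static DATA_BLOB CopyToUnmanaged(byte[] data)
            {
                DATA_BLOB blob = new DATA_BLOB();
                // AllocHGlobal throws OutOfMemoryException rather than returning
                // IntPtr.Zero, so no null check on the result is needed.
                blob.pbData = Marshal.AllocHGlobal(data.Length);
                blob.cbData = data.Length;
                Marshal.Copy(data, 0, blob.pbData, data.Length);
                return blob;
            }

            /// <summary>
            /// Copies an unmanaged blob into a new managed array (empty for a zero-length blob).
            /// </summary>
            private static byte[] CopyFromUnmanaged(DATA_BLOB blob)
            {
                byte[] managed = new byte[blob.cbData];
                if (blob.cbData > 0)
                {
                    Marshal.Copy(blob.pbData, managed, 0, blob.cbData);
                }
                return managed;
            }

            /// <summary>
            /// Overwrites the blob's bytes with zeros so secrets do not linger in freed
            /// unmanaged memory. No-op for an empty or unallocated blob.
            /// </summary>
            private static void ZeroBlob(DATA_BLOB blob)
            {
                if (blob.pbData != IntPtr.Zero && blob.cbData > 0)
                {
                    Marshal.Copy(new byte[blob.cbData], 0, blob.pbData, blob.cbData);
                }
            }

            /// <summary>Zeroes and frees a buffer allocated by <see cref="CopyToUnmanaged"/>.</summary>
            private static void FreeHGlobalBlob(ref DATA_BLOB blob)
            {
                if (blob.pbData != IntPtr.Zero)
                {
                    ZeroBlob(blob);
                    Marshal.FreeHGlobal(blob.pbData);
                }
                blob.pbData = IntPtr.Zero;
                blob.cbData = 0;
            }

            /// <summary>Zeroes and frees a buffer DPAPI allocated for an output blob.</summary>
            private static void FreeLocalBlob(ref DATA_BLOB blob)
            {
                if (blob.pbData != IntPtr.Zero)
                {
                    ZeroBlob(blob);
                    LocalFree(blob.pbData);
                }
                blob.pbData = IntPtr.Zero;
                blob.cbData = 0;
            }

            /// <summary>
            /// Fills the prompt structure so that DPAPI never displays a dialog.
            /// </summary>
            private static void InitPromptstruct(ref CRYPTPROTECT_PROMPTSTRUCT ps)
            {
                ps.cbSize = Marshal.SizeOf(typeof(CRYPTPROTECT_PROMPTSTRUCT));
                ps.dwPromptFlags = 0;
                ps.hwndApp = IntPtr.Zero;
                ps.szPrompt = null;
            }

            /// <summary>
            /// Builds the exception thrown when a DPAPI call fails, keeping the Win32 error
            /// code available to callers through the inner exception.
            /// </summary>
            private static CryptographicException NewCryptoException(String what, int errorCode)
            {
                Win32Exception inner = new Win32Exception(errorCode);
                return new CryptographicException(what + GetErrorMessage(errorCode), inner);
            }

            /// <summary>
            /// Returns the system text for a Win32 error code. Replaces the previous
            /// FormatMessage P/Invoke, which leaked the system-allocated buffer and
            /// required unsafe code.
            /// </summary>
            private static String GetErrorMessage(int errorCode)
            {
                return new Win32Exception(errorCode).Message;
            }
        }
    }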
  • 原文地址:https://www.cnblogs.com/sczw-maqing/p/3368611.html