Security for a winform data?_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2022-12-13 18:01 出处：网络

What is the best approach to secure winform data? In other words how to secure the data from hacking for winforms c# projects?

There is a winform project with 25-30 forms. It stores data to the access DB.
If i start writing encryption/decrypt开发者_开发问答ion logic to all the forms its going to take much time.
Is there any .NET dll/technique which can auto-encnrypt/decrypt before storing DB?
Is there some efficient quick approach for this?

Thanks, Karthick

As the comments have said, depends on what you're trying to secure.

If you're trying to secure access privileges, you could use Identity and Principals to determine thread based authentication, permissions and roles.

If you're storing sensitive strings in memory, use SecureString instead of a regular stings.

If you are referring to preventing someone from "cracking" your software, employ obfuscation software to hinder any would be attackers.

First you must define what area of security you are looking for, then it's just a matter of doing the research... or asking here!

So if I understand correctly you want the data encrypted when you put it into the database and decrypted when you get it out again?

Firstly it is important to know who you are protecting the data from. Other users of the app? External people that might get access to the physical machine?

you should also probably have your code structured so that all access to the database goes through a single data layer. Perhaps single class or group of classes that do all of the data access code. This would mean that adding encryption and decryption as data goes into and out of your database would not be needed for all of your forms.

On the encryption side of things, you need to determine what you will use as the keys to encrypt your data. The fastest, and probably easiest, way to encrypt the data is with DPAPI through the Protected Data class.

The protected data class would allow you to encrypt the data so that it can only be decrypted on the same machine it was encrypted on, and an aditional value can be given so that only your app or something else that knows the extra value can decrypt it.

Another alternative may be to encrypt the entire database, though I am not sure what support Access has for this. Using the Encrypted File System and File.Encrypt might work if Access does not have anything built in.

These may or may not work for your scenario, it really depends on who you are trying to stop and how long you need to protect the data for.