Question
I cached one DataTable fetched from SQL Server 2005 through a C# ASP.NET 4.0 web app [around 50000 rows, 32 columns].
By cache I mean on the client side.
I want to know whether the DataTable is secure or insecure in the cache?
If insecure, then:
- how to get that data directly from the cache and view it [not through my web app, as a non-developer]
- how to secure the data.
Answer 1:
The data is as secure as the server and the web application are.
If someone has physical access to the box (or through RDP), they can always cause a memory dump and read the values directly from memory.
Depending on how it was written, the application might expose the full Cache.
If either of these are not concerns, you can consider the Cache to be secure.
Update:
Seeing as you are talking about client side - nothing on the client side can be considered completely safe. The client has physical access to their machine and therefore can do a memory dump and any number of other tricks (including direct memory inspection).
If the client does not need all of the data, only share the minimum required. Do not persist it.
Answer 2:
If you mean the HttpContext.Cache, then that data is in-memory and local to your application. It cannot be arbitrarily queried from outside of your application unless you intentionally provide an API to do so, or your web-server is compromised.
If your web-server is compromised in such a way that a hacker has admin access, they can access process memory, so your data is available. However, at that point the hacker probably has access to your connection string etc, and can have even more fun attacking your DB instead (a softer target than looking through process memory).
Answer 3:
You can leverage the DPAPI (Data Protection API), e.g. using the ProtectedMemory Class
- Article: How to: Use Data Protection (framework 3.0)
using System;
using System.Security.Cryptography;

public class MemoryProtectionSample
{
    public static void Main()
    {
        // Create the original data to be encrypted (the data length should be a multiple of 16).
        byte[] secret = { 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4, 1, 2, 3, 4 };

        // Encrypt the data in memory. The result is stored in the same array as the original data.
        ProtectedMemory.Protect(secret, MemoryProtectionScope.SameLogon);

        // Decrypt the data in memory and store it in the original array.
        ProtectedMemory.Unprotect(secret, MemoryProtectionScope.SameLogon);
    }
}
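The sample above protects a fixed 16-byte array. The following added example (not part of the original answer) extends it to arbitrary-length data by length-prefixing and zero-padding to the 16-byte multiple that ProtectedMemory requires. The names ProtectedBuffer, Seal and Open are hypothetical, MemoryProtectionScope.SameProcess is an assumption chosen for a single server process, and the code is Windows-only.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: ProtectedBuffer, Seal and Open are hypothetical names.
public static class ProtectedBuffer
{
    private const int BlockSize = 16; // ProtectedMemory needs a multiple of 16 bytes

    // Returns an encrypted buffer: 4-byte length prefix + payload + zero padding.
    public static byte[] Seal(byte[] plain)
    {
        int total = 4 + plain.Length;
        int padded = (total + BlockSize - 1) / BlockSize * BlockSize;
        byte[] buffer = new byte[padded];
        BitConverter.GetBytes(plain.Length).CopyTo(buffer, 0);
        Buffer.BlockCopy(plain, 0, buffer, 4, plain.Length);
        ProtectedMemory.Protect(buffer, MemoryProtectionScope.SameProcess);
        return buffer;
    }

    // Decrypts a copy so the cached buffer stays encrypted, then wipes the copy.
    public static byte[] Open(byte[] sealedBuffer)
    {
        byte[] work = (byte[])sealedBuffer.Clone();
        try
        {
            ProtectedMemory.Unprotect(work, MemoryProtectionScope.SameProcess);
            int length = BitConverter.ToInt32(work, 0);
            if (length < 0 || length > work.Length - 4)
                throw new CryptographicException("Corrupt protected buffer.");
            byte[] plain = new byte[length];
            Buffer.BlockCopy(work, 4, plain, 0, length);
            return plain;
        }
        finally
        {
            Array.Clear(work, 0, work.Length); // do not leave plaintext in the scratch copy
        }
    }

    public static void Main()
    {
        byte[] row = Encoding.UTF8.GetBytes("constructed sample value"); // constructed input
        byte[] cached = Seal(row);           // this buffer is what would go into the cache
        Array.Clear(row, 0, row.Length);     // wipe the plaintext source
        Console.WriteLine(Encoding.UTF8.GetString(Open(cached)));
    }
}
```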
Source: https://stackoverflow.com/questions/8210020/security-of-cached-data-in-net