問(wèn)題描述
我已經(jīng)
1. 谷歌搜索
2. 在 stackoverflow
上3.我的帖子給我的一些建議,不要使用從App到SQL Server的直接連接自由文本語(yǔ)句,而不是使用大多數(shù)推薦的REST API服務(wù).
I have already
1. Searched on google
2. Here on stackoverflow
3. Some recommendations for me on my posts, that not to use direct connections free text statements from App to SQL Server, rather than to use mostly recommended REST API services.
概述
我發(fā)現(xiàn)在 Xamarin Forms 開(kāi)發(fā)中 SQL Server 連接非常流暢.我的主要項(xiàng)目是基于 web 的 asp.net c# 和基于桌面的 vb.net,它們使用相同的托管 MS SQL Server 2012 Express(虛擬專用服務(wù)器而不是共享服務(wù)器)數(shù)據(jù)庫(kù).
Overview
I find SQL Server connection very smooth in Xamarin Forms development. My major projects are web based asp.net c# and desktop based vb.net which use same Hosted MS SQL Server 2012 Express (Virtual Private Server and not shared server) Database.
在桌面中,我們可以選擇對(duì) app.Config 文件進(jìn)行加密,我們可以在其中存儲(chǔ)數(shù)據(jù)庫(kù)連接安全憑據(jù).
在基于 Web 中,我們有 web.config 文件,我們說(shuō)它以安全的方式將憑據(jù)放在那里.
(如有錯(cuò)誤請(qǐng)指正)
坦率地說(shuō),我在初始階段嘗試過(guò) REST API 服務(wù),包括 Microsoft Azure,但它看起來(lái)非常復(fù)雜,或者在方法或薪酬結(jié)構(gòu)上對(duì)我來(lái)說(shuō)有一些或其他限制.(或者說(shuō)我現(xiàn)在在 c# 常規(guī)語(yǔ)句中完全靈活).由于我擁有自己的托管服務(wù)器,我不想再選擇其他任何服務(wù)器.
In Desktop we have option such encrypting the app.Config file where we can store the database connection secure credentials.
In Web-based we have web.config file where we say its secured way to put credentials there.
(If wrong please correct me)
Frankly I tried at initial stage REST API Services including Microsoft Azure but it looks very complex or some or other limitations for me in approach or pay strucure. (Or say may be I totally am now flexible in c# regular statements).
As I am having own Hosting Server I don't want to choose again any other.
終于到了我的查詢
現(xiàn)在我將所有安全憑據(jù)存儲(chǔ)在 .cs 中的 Xamarin Forms Class 文件夾中.
Finally to my query
Now I store in Xamarin Forms Class folder in .cs all secure credentials.
/------------------------------------------
//Connection String
//------------------------------------------
public static string appNutri_connection_string = @"data source=<IP ADDRESS>;initial catalog=<Database_Name>;user id=<user_name>;password=<pass_word>;Connect Timeout=600"
我在整個(gè)項(xiàng)目中使用這個(gè) appNutri_connection_string 進(jìn)行連接.
此外,當(dāng)我們編譯包時(shí),我們會(huì)選擇在分發(fā)前首先輸入密碼.
不僅如此,在我們將其上傳到 Google Play 之前,它還會(huì)重新檢查哈希密鑰憑據(jù)和相應(yīng)的包名稱,然后僅發(fā)布 apk.
And I use this appNutri_connection_string throughout project for connections.
Also when we compile the Package we are opted first to enter password before distribution.
Not only that before we upload it on Google Play, it rechecks Hash Key credentials respective package name, then only it publish the apk.
所以請(qǐng)讓我知道 APK 在 .cs 文件中存儲(chǔ)憑據(jù)是多么不安全.其次,最重要的是有沒(méi)有其他解決方案來(lái)加密憑證文件?這樣我就不需要打破我在所有平臺(tái)上如此平穩(wěn)的趨勢(shì).
So please let me know how is not safe for APK to store credentials in .cs file. Secondly , most important is there any other solution to encrypt the credentials file? So that I do not need to break my so smooth trend going on all platforms.
這對(duì)我來(lái)說(shuō)是一個(gè)非常關(guān)鍵的階段,因?yàn)槲胰蕴幱诋a(chǎn)品實(shí)時(shí)實(shí)施的初始階段.所以不想走得更遠(yuǎn),有任何漏洞或錯(cuò)誤的看法.數(shù)據(jù)(尤其是客戶)安全和隱私是我的主要任務(wù).任何時(shí)候都不能妥協(xié).所以請(qǐng)建議我完成這項(xiàng)任務(wù)的最佳方式.
(再次可能是一個(gè)可能重復(fù)的問(wèn)題,但坦率地說(shuō),我沒(méi)有找到詳細(xì)的解釋或信息,也沒(méi)有在此處或任何谷歌搜索中找到)
推薦答案
由于您正處于產(chǎn)品生命周期的初始階段,請(qǐng)更改您的架構(gòu)!永遠(yuǎn)不要,神經(jīng)直接從外部連接到敏感數(shù)據(jù)庫(kù) - 在公共客戶端和您的數(shù)據(jù)庫(kù)之間至少放置一個(gè)前端層(例如 API).
As you are in very initial stage of your product lifetime, PLEASE CHANGE YOUR ARCHITECTURE! Never, nerver connect directly to a sensitive database from outside - put at least a front-end layer (eg. API) between public clients and your database.
這篇關(guān)于Xamarin 表單 (Visual Studio 2017) Android.在應(yīng)用程序中存儲(chǔ) SQL Server 數(shù)據(jù)庫(kù)憑據(jù)有多安全?的文章就介紹到這了,希望我們推薦的答案對(duì)大家有所幫助,也希望大家多多支持html5模板網(wǎng)!