Мобильная версияРазрешить или запретить пользователю изменять настройки приложения на основе пароля в приложении C#. ⇐ C#
-
Anonymous
Разрешить или запретить пользователю изменять настройки приложения на основе пароля в приложении C#.
I am trying to password protect application settings (basically server address, port etc..) in a C# Windows desktop application.
During the initial run, user (actually admin) can set the application settings and password; in the normal course of run (by regular user), application should be able to decrypt the settings without user input. Any user attempts to change the settings should be verified against this password.
Oneway is to encrypt the settings using a key based on hardware, and store a hash of the password. allow the user to create settings; allow update after checking against the hashed password. In that case anyone can simply generate the same hardware key and decrypt the settings straightaway.
Instead of hardware based key, application can generate/initialize an encryption key on first run; but has to store that key somewhere(?) for decryption in subsequent application runs. when you are storing, you got the encryption key and hence the settings.
Another way is to use the combination of hardware key, password to encrypt the settings and password. but in this scenario, how will the application decrypt the settings data without password input from user?
How can this be achieved? Or you may guide me towards a better strategy to achieve the same.
Источник: https://stackoverflow.com/questions/781 ... sword-in-c
I am trying to password protect application settings (basically server address, port etc..) in a C# Windows desktop application.
During the initial run, user (actually admin) can set the application settings and password; in the normal course of run (by regular user), application should be able to decrypt the settings without user input. Any user attempts to change the settings should be verified against this password.
Oneway is to encrypt the settings using a key based on hardware, and store a hash of the password. allow the user to create settings; allow update after checking against the hashed password. In that case anyone can simply generate the same hardware key and decrypt the settings straightaway.
Instead of hardware based key, application can generate/initialize an encryption key on first run; but has to store that key somewhere(?) for decryption in subsequent application runs. when you are storing, you got the encryption key and hence the settings.
Another way is to use the combination of hardware key, password to encrypt the settings and password. but in this scenario, how will the application decrypt the settings data without password input from user?
How can this be achieved? Or you may guide me towards a better strategy to achieve the same.
Источник: https://stackoverflow.com/questions/781 ... sword-in-c
-
- Похожие темы
- Ответы
- Просмотры
- Последнее сообщение
