存储应用敏感数据
我正在开发一个Python应用程序,它可以连接到我们不同的服务器和电脑。这些设备都有不同的登录名和密码。我想把这些信息直接存储在应用程序里,只需要输入一个主登录名和密码。请问我该如何存储这些敏感数据,以确保没有主密码的人无法访问我们的服务器和电脑呢?
补充:有没有可能存储一个加密文件来保存这些数据呢?
补充2:我的应用目前是在Windows上运行。如果可能的话,我会把它移植到Linux和Mac OSX上。
补充3:对那些感兴趣的人,我使用了M2secret和M2Crypto来加密一个文本文件。在启动应用时,用户需要输入一个密码,这个密码用来解密文件并加载所需的凭据到应用中。看起来这样是可行的……
祝好。
1 个回答
1
这听起来真是个糟糕的主意。你可以对登录名和密码进行加密,但只要有人能接触到主密码,他们就能访问所有的个人登录信息。这就意味着,个人的登录信息很快就会失去保密性,如果泄露了,你就得把所有的密码都改掉。
一个更好的解决办法是给你应用的每个用户在每个服务器上都设置一个独立的登录名。这样,你的应用可以在访问每个服务器时使用相同的登录名和密码,而密码根本不需要存储在应用里。如果某个用户的密码泄露了,你只需在他们的所有登录中更改密码,其他用户就不会受到影响。
另外,你也可以通过一个单独的服务器代理来管理所有的登录信息:这个代理可以放在一个安全的系统上,这样用户就不会接触到任何底层账户,你可以通过每个用户的账户来保护对这个代理的访问。
我翻找了一些旧代码,找到了我叫做'passwordcache.py'的模块中的一些内容。看看这些是否能帮到你:
"""Password Cache
This module provides a portable interface for caching passwords.
Operations:
Store a password.
Retrieve a password (which may prompt for a password if it needs it).
Test whether or not we have a password stored.
Clear a stored password.
Passwords are identified by a combination key app/service/user.
"""
import sys, os, random, hashlib
random.seed() # Init random number generator from other random source or system time
class PasswordCacheBase(object):
"""Base class for common functionality between different platform implementations"""
def __init__(self, application=None):
"""PasswordCache(application)
Creates a new store for passwords (or opens an existing one).
The application name may be any string, but defaults to the script name.
"""
if application is None:
self.application = os.path.basename(sys.argv[0])
else:
self.application = application
def get(self, service, user, getpass=None, cache=False):
"""Retrieve a password from the store"""
raise NotImplementedError()
def set(self, service, user, password):
"""Save a password in the store"""
raise NotImplementedError()
def exists(self, service, user):
"""Check whether a password exists"""
try:
pwd = self.get(service, user)
except KeyError:
return False
return True
def clear(self, service, user):
raise NotImplementedError()
def salt(self, service, user):
"""Get a salt value to help prevent encryption collisions. The salt string is 16 bytes long."""
salt = hashlib.md5("%r|%s|%s|%s" % (random.random(), self.application, service, user)).digest()
return salt
if sys.platform=="win32":
"""Interface to Windows data protection api.
Based on code from:
http://osdir.com/ml/python.ctypes/2003-07/msg00091.html
"""
from ctypes import *
from ctypes.wintypes import DWORD
import _winreg
import cPickle as pickle
LocalFree = windll.kernel32.LocalFree
# Note that CopyMemory is defined in term of memcpy:
memcpy = cdll.msvcrt.memcpy
CryptProtectData = windll.crypt32.CryptProtectData
CryptUnprotectData = windll.crypt32.CryptUnprotectData
# See http://msdn.microsoft.com/architecture/application/default.aspx?pull=/library/en-us/dnnetsec/html/SecNetHT07.asp
CRYPTPROTECT_UI_FORBIDDEN = 0x01
class DATA_BLOB(Structure):
# See d:\vc98\Include\WINCRYPT.H
# This will not work
# _fields_ = [("cbData", DWORD), ("pbData", c_char_p)]
# because accessing pbData will create a new Python string which is
# null terminated.
_fields_ = [("cbData", DWORD), ("pbData", POINTER(c_char))]
class PasswordCache(PasswordCacheBase):
def set(self, service, user, password):
"""Save a password in the store"""
salt = self.salt(service, user)
encrypted = self.Win32CryptProtectData(
'%s' % password, salt)
key = self._get_regkey()
try:
data = self._get_registrydata(key)
data[service, user] = (salt, encrypted)
self._put_registrydata(key, data)
finally:
key.Close()
def get(self, service, user, getpass=None, cache=False):
data = self._get_registrydata()
try:
salt, encrypted = data[service, user]
decrypted = self.Win32CryptUnprotectData(encrypted, salt)
except KeyError:
if getpass is not None:
password = getpass()
if cache:
self.set(service, user, password)
return password
raise
return decrypted
def clear(self, service=None, user=None):
key = self._get_regkey()
try:
data = self._get_registrydata(key)
if service is None:
if user is None:
data = {}
else:
for (s,u) in data.keys():
if u==user:
del data[s,u]
else:
if user is None:
for (s,u) in data.keys():
if s==service:
del data[s,u]
else:
if (service,user) in data:
del data[service,user]
self._put_registrydata(key, data)
finally:
key.Close()
def _get_regkey(self):
return _winreg.CreateKey(
_winreg.HKEY_CURRENT_USER,
r'Software\Python\Passwords')
def _get_registrydata(self, regkey=None):
if regkey is None:
key = self._get_regkey()
try:
return self._get_registrydata(key)
finally:
key.Close()
try:
current = _winreg.QueryValueEx(regkey, self.application)[0]
data = pickle.loads(current.decode('base64'))
except WindowsError:
data = {}
return data
def _put_registrydata(self, regkey, data):
pickled = pickle.dumps(data)
_winreg.SetValueEx(regkey,
self.application,
None,
_winreg.REG_SZ,
pickled.encode('base64'))
def getData(self, blobOut):
cbData = int(blobOut.cbData)
pbData = blobOut.pbData
buffer = c_buffer(cbData)
memcpy(buffer, pbData, cbData)
LocalFree(pbData);
return buffer.raw
def Win32CryptProtectData(self, plainText, entropy):
bufferIn = c_buffer(plainText, len(plainText))
blobIn = DATA_BLOB(len(plainText), bufferIn)
bufferEntropy = c_buffer(entropy, len(entropy))
blobEntropy = DATA_BLOB(len(entropy), bufferEntropy)
blobOut = DATA_BLOB()
# The CryptProtectData function performs encryption on the data
# in a DATA_BLOB structure.
# BOOL WINAPI CryptProtectData(
# DATA_BLOB* pDataIn,
# LPCWSTR szDataDescr,
# DATA_BLOB* pOptionalEntropy,
# PVOID pvReserved,
# CRYPTPROTECT_PROMPTSTRUCT* pPromptStruct,
# DWORD dwFlags,
# DATA_BLOB* pDataOut
if CryptProtectData(byref(blobIn), u"win32crypto.py", byref(blobEntropy),
None, None, CRYPTPROTECT_UI_FORBIDDEN, byref(blobOut)):
return self.getData(blobOut)
else:
return None
def Win32CryptUnprotectData(self, cipherText, entropy):
bufferIn = c_buffer(cipherText, len(cipherText))
blobIn = DATA_BLOB(len(cipherText), bufferIn)
bufferEntropy = c_buffer(entropy, len(entropy))
blobEntropy = DATA_BLOB(len(entropy), bufferEntropy)
blobOut = DATA_BLOB()
if CryptUnprotectData(byref(blobIn), None, byref(blobEntropy), None, None,
CRYPTPROTECT_UI_FORBIDDEN, byref(blobOut)):
return self.getData(blobOut)
else:
return None
else: # Not Windows, try for gnome-keyring
import gtk # ensure that the application name is correctly set
import gnomekeyring as gkey
class Keyring(object):
def __init__(self, name, server, protocol):
self._name = name
self._server = server
self._protocol = protocol
self._keyring = k = gkey.get_default_keyring_sync()
import pdb; pdb.set_trace()
print dir(k)
class PasswordCache(PasswordCacheBase):
def __init__(self, application=None):
PasswordCacheBase.__init__(self, application)
self._keyring = gkey.get_default_keyring_sync()
def set(self, service, user, password):
"""Save a password in the store"""
attrs = {
"application": self.application,
"user": user,
"server": service,
}
gkey.item_create_sync(self._keyring,
gkey.ITEM_NETWORK_PASSWORD, self.application, attrs, password, True)
def get(self, service, user, getpass=None, cache=False):
attrs = {
"application": self.application,
"user": user,
"server": service}
try:
items = gkey.find_items_sync(gkey.ITEM_NETWORK_PASSWORD, attrs)
except gkey.NoMatchError:
if getpass is not None:
password = getpass()
if cache:
self.set(service, user, password)
return password
raise KeyError((service,user))
return items[0].secret
def clear(self, service=None, user=None):
attrs = {'application':self.application}
if user is not None:
attrs["user"] = user
if service is not None:
attrs["server"] = service
try:
items = gkey.find_items_sync(gkey.ITEM_NETWORK_PASSWORD, attrs)
except gkey.NoMatchError:
return
for item in items:
gkey.item_delete_sync(self._keyring, item.item_id)