gpt4 book ai didi

powerbi - 如何在 Power BI DataConnector 中存储凭据?

转载 作者:行者123 更新时间:2023-12-03 17:12:10 25 4
gpt4 key购买 nike

我正在构建一个使用 OAuth 的自定义 Power BI DataConnector。我正在关注 github example .但这会将客户端凭据(OAuth 中的 'code flow' 需要)存储为纯文本文件。有没有安全的替代方案?

最佳答案

不幸的是,根据微软员工 Curt Hagenlocher 的说法,由于当前的“最先进的技术”,没有办法安全地保护这些凭据:

There is no way to protect a secret on someone's desktop. That's why some OAuth providers (like AAD) support a "native app" mode where there's a client id but no secret. The most recent development in this space is PKCE, and we're aiming to have sample code for that later this year.

In principle, a secret could be supplied separately for service use -- and I'd like to see us do that some day -- but there's a lot of infrastructure which would need to be created to support that.


我建议对模块本身进行加密,Curt 的回应是这也是无效的:

All someone needs to do is have Fiddler running and they can seeexactly what secret is being sent to the token endpoint.


完整对话:
https://github.com/microsoft/DataConnectors/issues/298

关于powerbi - 如何在 Power BI DataConnector 中存储凭据?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61122933/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com