将光标移到/点击文章中的句子上,可以查看译文。      显示繁体中文内容    显示简体中文内容

Is it safe to store passwords in powershell's $env variable?
在 $env 变量的中,存储密码是否安全?

I have a few scripts in my $profile that require passwords for things like connecting to a corporate VPN or sending a command to a virtualized VM.

I don't want to type these passwords over and over and storing the passwords in my $profile is insecure.so i've come up with a solution.on $profile startup, i do something like this


$env:VpnPassword = (Get-Credential DomainGeorge.Mauer).GetNetworkCredential().Password

So when powershell starts i enter a password one time and in any scripts i can then use $env:VpnPassword.

I've confirmed that the variable is available only to the PS Session.and my reasoning is, since it seems to be in memory, that's a reasonably safe place to store it.

Is my logic sound? are the $env values i'm creating stored only in memory?what about the pagefile? is that something that could be used to somehow grab these strings?is there a better way to achieve what i'm trying to do without introducing whole new systems?

时间: 作者:

I verified $env is only in ram.it left no pointers when PS closed.the underlying destructor fires even if you punch the PS exe into breaking, it still cleans up.even with a shared memory attack, that address space is only available to system32, etc and kernel mode drivers as far as i know.you would have to know the exact memory address and size of the data to find anything assuming you even had a process that was elevated enough.that being said, i dont really see any need for encryption.

This answer will begin the self destruct sequence on WM_CLOSE...

...