我需要安全字符串方面的帮助,我知道这种方式不是很安全。但这是在机器的管理端。但是,我不想让管理员看到纯文本的密码。
我已经成功地使用了这个方法来处理这个脚本:
$securepasswordkey = "76492d1116743f0423413b16050a5345MgB8AG4ARgBHAGIAWABmAEgAOABZAEoAbQBCAGYAegBsAEYATwAyAHEAcgAHwAOAA2ADUANwA5AGUAYwA4ADQAMgA1ADUAYQBhAGQAOAA2ADQANgA3AGUAMgA1AGMAYQA5AGQANwAwAGIAMAAxAGYAZgBhAGQAMwBiADYAMgBmAGIANwA5ADcAZABiADMAZgAyAGMAMABhAGYAYwA1AGQAOQA3AGMAMAAzADcAMwAzAGMAMQA1ADQAOABjADkAMwBhADcAMQBlAGUAZQA4AGYANwA5ADEAYgA0AGIAYgA0ADgA"
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $SecurePasswordKey -Key $key
$username = "$domainadministrator"
$cred = new-object -typename System.Management.Automation.PSCredential - argument $username, $password
上面的一个成功地隐藏了密码。然而,现在我正试图在没有凭证对象的情况下完成它,我遇到了问题:
$Secure = "76492d1116743f0423413b16050a5345MgB8ADAATQA5ADAAQwBLAGIAKwBPAFEATwA2ADIASgBVADAAGIAZAAwADgAMwAzADIANQA0ADAAOQA0ADUAMgBhADMANgAyAGQANQA4AGUANwAyADgANABhAGIAOABjAGUAMgAyADAAYQBlADkAZgBlAGYAOQAxAGIAOQA="
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $Secure -Key $key
$sqlQuery | sqlplus -silent "USERNAME/$password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=database.host.net)(Port=1522))(CONNECT_DATA=(SERVICE_NAME=database.host.net)))"
您的问题在这里:
$password = ConvertTo-SecureString -String $Secure -Key $key
使用这行代码,$password变量包含一个SecureString对象,而不是纯文本字符串。下面是一个从SecureString对象返回纯文本字符串的短函数:
# Return a SecureString as a String.
function ConvertTo-String {
param(
[Security.SecureString] $secureString
)
$marshal = [Runtime.InteropServices.Marshal]
try {
$intPtr = $marshal::SecureStringToBSTR($secureString)
$string = $marshal::PtrToStringAuto($intPtr)
}
finally {
if ( $intPtr ) {
$marshal::ZeroFreeBSTR($intPtr)
}
}
$string
}
将此函数添加到您的脚本中,您现在可以编写以下内容:
$password = ConvertTo-String (ConvertTo-SecureString -String $Secure -Key $key)
现在$password将包含一个纯文本字符串。