| 摘要 |
<p>A system and method for enforcing configuration parameters and detecting tampering of configuration files used by a software application. An enforced configuration packet (ECP) file generator (110) generates an enforced configuration packet (ECP) file (106) from a configuration parameter description file (108) containing a set of configuration parameters (&lang&ID, VALUE&rang&). The ECP file (106) includes a set of enforced configuration packets (&lang&ID, VALUE, FINGERPRINT&rang&), which each include one of the configuration parameters from the ECP description file (108) and a corresponding configuration parameter fingerprint (&lang&FINGERPRINT&rang&) unique to that particular configuration parameter. At startup of the software application (102), an ECP file reader (104) validates the ECP file (106) and each of the enforced configuration packets contained in the ECP file. Validation is achieved by regenerating the configuration parameter fingerprint of each configuration parameter and comparing the regenerated fingerprint to the fingerprint contained in the enforced configuration packet. If any of the fingerprints in the enforced configuration packets do not match their regenerated fingerprint, the ECP file reader (104) indicates that the configuration parameter fingerprint is not valid. If all of the configuration parameter fingerprints match up to their regenerated fingerprints, and the ECP file (106) itself is determined to be valid, the configuration parameters encoded in the ECP file (106) are used by the software application (102) to set up its configuration. <IMAGE></p> |
