保护防火墙背后的内部宁静服务
[英]Securing Internal Restful Service That is behind firewall
问题描述
We have a couple of very important internal restful services that are placed behind firewall. 
我们在防火墙后面放置了两个非常重要的内部静态服务。 I Would like to know if having only firewall is going to protect our services or not ? 我想知道是否只有防火墙才能保护我们的服务?
I would like to learn as much as possible so we can make the right decision protecting our data. 我想学习尽可能多的知识,以便我们做出正确的决定来保护我们的数据。
May be adding SSL and HMAC or OAuth are few options to consider however I am not expert in this field and any input is appreciated. 可能要添加SSL和HMAC或OAuth是要考虑的几个选项,但是我不是该领域的专家,因此请多加投入。
1 个解决方案
解决方案1
1 2015-08-13 03:11:18
I'm no security expert either, but all of our internal APIs have specific access controls, are served only over SSL and require access tokens for authentication. 我也不是安全专家,但是我们所有的内部API都有特定的访问控制,仅通过SSL提供服务,并且需要访问令牌进行身份验证。
I wouldn't open up an internal database to everybody, so I'm not leaving an API wide open either. 我不会向所有人开放内部数据库,因此我也不会向所有人开放API。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.