[英]Secure web services using Symfony
So I have Symfony project which is also in charge of database abstraction and the data layer. 所以我有Symfony项目,它还负责数据库抽象和数据层。 In short - all data requests should go through it.
简而言之 - 所有数据请求都应该通过它。
Now I want to have external components that will want to query / update stuff in the database, using web service API that I expose. 现在,我希望使用我公开的Web服务API,使用外部组件来查询/更新数据库中的内容。
Question: How do I make sure these web services are running inside a secure channel? 问题:如何确保这些Web服务在安全通道内运行? I don't want unauthorized users to update my database, and I don't want eavesdroppers get hold of sensitive data.
我不希望未经授权的用户更新我的数据库,我也不希望窃听者获取敏感数据。 Is setting up client authentication using PKI a viable option?
使用PKI设置客户端身份验证是否可行? or is it overkill?
还是有点矫枉过正? What's the way this is tackled?
解决这个问题的方式是什么?
Thanks! 谢谢! -DBG
-dbg
First of all, you if you have a limited number of service users, and know their ips, you can restict access to ceirtain urls by ips. 首先,如果您拥有数量有限的服务用户,并了解他们的ips,您可以通过ips取消对ceirtain网址的访问权限。 Next, have a look at Practical symfony , where they embed an authentication token into the url.
接下来,看看Practical symfony ,他们将身份验证令牌嵌入到url中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.