使用Symfony保护Web服务
[英]Secure web services using Symfony
问题描述
So I have Symfony project which is also in charge of database abstraction and the data layer. 
所以我有Symfony项目,它还负责数据库抽象和数据层。 In short - all data requests should go through it. 简而言之 - 所有数据请求都应该通过它。
Now I want to have external components that will want to query / update stuff in the database, using web service API that I expose. 现在,我希望使用我公开的Web服务API,使用外部组件来查询/更新数据库中的内容。
Question: How do I make sure these web services are running inside a secure channel? 问题:如何确保这些Web服务在安全通道内运行? I don't want unauthorized users to update my database, and I don't want eavesdroppers get hold of sensitive data. 我不希望未经授权的用户更新我的数据库,我也不希望窃听者获取敏感数据。 Is setting up client authentication using PKI a viable option? 使用PKI设置客户端身份验证是否可行? or is it overkill? 还是有点矫枉过正? What's the way this is tackled? 解决这个问题的方式是什么?
Thanks! 谢谢! -DBG -dbg
1 个解决方案
解决方案1
2 已采纳 2011-04-10 19:55:07
First of all, you if you have a limited number of service users, and know their ips, you can restict access to ceirtain urls by ips. 首先,如果您拥有数量有限的服务用户,并了解他们的ips,您可以通过ips取消对ceirtain网址的访问权限。 Next, have a look at Practical symfony , where they embed an authentication token into the url. 接下来,看看Practical symfony ,他们将身份验证令牌嵌入到url中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.