简体繁体 English

PHP - 安全什么是最好的方法？

[英]PHP - Security what is best way?

原文 2008-09-25 08:34:20 1 6 php/ security

保护使用PHP从外部攻击开发的Intranet网站的最佳方法是什么？

6 个解决方案

That's a stunningly thought-provoking question, and I'm surprised that you haven't received better answers. 这是一个惊人的发人深省的问题，我很惊讶你没有得到更好的答案。

Summary 摘要

Everything you would do for an external-facing application, and then some. 你要为面向外部的应用程序做的一切，然后是一些。

Thought Process 思考过程

If I'm understanding you correctly, then you are asking a question which very few developers are asking themselves. 如果我理解正确，那么你是问这极少数的开发商都在问自己一个问题。 Most companies have poor defence in depth, and once an attacker is in, he's in. Clearly you want to take it up a level. 大多数公司的防守都很差，一旦攻击者进入，他就进入了。显然你想把它提升到一个水平。

So, what kind of attack are we thinking about? 那么，我们在考虑什么样的攻击？
If I'm the attacker and I'm attacking your intranet application, then I must have got access to your network somehow. 如果我是攻击者并且我正在攻击您的Intranet应用程序，那么我必须以某种方式访问您的网络。 This may not be as difficult as it sounds - I might try spearphishing (targetting email to individuals in your organisation, containing either malware attachements or links to sites which install malware) to get a trojan installed on an internal machine. 这可能不像听起来那么困难 - 我可能会尝试使用鱼叉式网页钓鱼（将电子邮件定位到您组织中的个人，包含恶意软件附件或指向安装恶意软件的网站的链接）以在内部计算机上安装木马。

Once I've done this (and got control of an internal PC), I'll try all the same attacks I would try against any internet application. 一旦我完成了这个（并控制了内部PC），我会尝试所有相同的攻击，我会尝试对任何互联网应用程序。

However, that's not the end of the story. 然而，这不是故事的结局。 I've got more options: if I've got one of your user's PCs, then I might well be able to use a keylogger to gather usernames and passwords, as well as watching all your email for names and phone numbers. 我有更多选择：如果我有一个用户的PC，那么我可以使用键盘记录器来收集用户名和密码，以及查看所有电子邮件中的姓名和电话号码。
Armed with these, I may be able to log into your application directly. 有了这些，我可以直接登录您的应用程序。 I may even learn an admin username/password. 我甚至可以学习管理员用户名/密码。 Even if I don't, a list of names and phone numbers along with a feel for company lingo gives me a decent shot at socially engineering my way into wider access within your company. 即使我没有，一个名单和电话号码列表以及对公司术语的感觉给了我一个体面的机会，让我在公司内部进行更广泛的访问。

Recommendations 建议

First and foremost, before all technical solutions: TRAIN YOUR USERS IN SECURITY 首先，在所有技术解决方案之前： 培训您的安全用户

The common answers to securing a web app: 保护Web应用程序的常见答案：

Use multi-factor authentication 使用多重身份验证
- eg username/password and some kind of pseudo-random number gadget. 例如用户名/密码和某种伪随机数小工具。
Sanitise all your input. 消除所有输入。
- to protect against cross-site scripting and SQL injection. 防止跨站点脚本和SQL注入。
Use SSL (otherwise known as HTTPS). 使用SSL（也称为HTTPS）。
- this is a pain to set up (EDIT: actually that's improving), but it makes for much better security. 这是一个痛苦的设置（编辑：实际上这正在改善），但它提供了更好的安全性。
Adhere to the principals of "Segregation of Duties" and "Least Priviledge" 坚持“职责分离”和“最低权利”的原则
- In other words, by ensuring that all users have only the permissions they need to do their jobs (and nobody else's jobs) you make sure they have the absolute minimum ability to do damage. 换句话说，通过确保所有用户只拥有完成工作所需的权限（以及其他任何人的工作），您可以确保他们具有绝对最低的伤害能力。

If it is on an internal network, why is it even possible to get to the app from the outside? 如果它在内部网络上，为什么甚至可以从外部访问应用程序？ Firewall rules should be in place at the very least. 防火墙规则至少应该到位。

The best way? 最好的方法？ Disable direct external access! 禁用直接外部访问！

If employees need to use it (like an extranet-style site), you should make them VPN in. Through VPN you have a lot more authentication options and most of them are a great deal more secure than leaving your intranet server accessible from the internet. 如果员工需要使用它（比如外联网风格的站点），你应该让他们进入VPN。通过VPN，你有更多的身份验证选项，其中大多数都比从Internet上访问内部网服务器更安全。

Another option, and this only works if the data is public-safe, is scheduling your intranet server to push the data to another server that is externally accessible. 另一个选项，这仅在数据是公共安全的情况下才有效，即安排内部网服务器将数据推送到外部可访问的另一台服务器。 I say push because you really don't want this server to have access to your network. 我说推，因为你真的不希望这台服务器有权访问你的网络。 Let your network server do the work. 让您的网络服务器完成工作。

The best way to secure it? 保护它的最佳方法是什么？ Don't connect it to a network. 请勿将其连接到网络。 Make your users physically enter a guarded room with a single console, running Mosaic. 让您的用户通过单一控制台进入受保护的房间，运行Mosaic。

Oh, you want it to be easy to use? 哦，你想要它易于使用？

Always verify every single input that can come from an untrusted source. 始终验证可能来自不受信任来源的每个输入。
Don't trust any data sources. 不要相信任何数据源。
When storing passwords, ALWAYS store an encrypted hash of the password. 存储密码时，始终存储密码的加密哈希值。
When storing passwords, NEVER store passwords directly. 存储密码时，切勿直接存储密码。
Never collect or store any data that you don't actually need. 切勿收集或存储您实际不需要的任何数据。
Never allow yourself to be tempted into adding additional bells & whistles. 永远不要让自己被诱惑添加额外的铃声和口哨声。
Read everything that Bruce Schneier has written on security and encryption. 阅读Bruce Schneier撰写的有关安全性和加密的所有内容。

If you forget these simple rules, you could find your application starring on the front pages of newspapers everywhere, just like Yahoo mail. 如果你忘记了这些简单的规则，你可以发现你的应用程序在所有报纸的头版上主演，就像雅虎邮件一样。

I would echo @Oli and favour the VPN method if possible. 如果可能的话，我会回复@Oli并支持VPN方法。 However, if for any reason you need more arbitrary access than this, you should use SSL to secure any authentication. 但是，如果由于任何原因您需要比此更多的任意访问，则应使用SSL来保护任何身份验证。 And in addition to password authentication / IP address authentication it would be well worth looking at using SSL with client side certificates. 除了密码验证/ IP地址验证之外，将SSL与客户端证书一起使用也是非常值得的。

You could only allow access from internal IPs from the php app itself. 您只能允许从php应用程序本身访问内部IP。 Also dont ignore the usual security and best practices. 也不要忽视通常的安全性和最佳实践。 Input validation and output encoding(whitelisting only), user accounts with hashed passwords etc. 输入验证和输出编码（仅限白名单），带有散列密码的用户帐户等。