请建议一种将数据从一台计算机传输到另一台计算机的安全方法
我希望“A”计算机负责执行命令,“B”计算机将命令发送到“A”计算机。我对实施有一些想法。
方式一: “A”计算机有一个 while true 循环来监听“B”计算机的命令,当收到命令时,它会执行。
方式2: 使用 FTP 服务器,存储有关命令的信息。 “A”计算机有一个 while true 循环来检查“B”计算机是否上传了有关该命令的任何新信息。如果是,则重构命令并执行。执行后,FTP Server 上的文件将被删除。并在“A”计算机上存储一份副本。
方式3: 这和way2类似,但是使用数据库来存储。命令执行后,将按已执行的方式执行。
您对这3种方式有何建议?这足够安全吗?
I want "A" computer to responsible for execute the command, and "B" computer will send the command to "A" computer. I have some ideas on the implementation.
Way1:
The "A" computer have a while true loop to listen for "B" computer's command, when it is received, it execute.
Way2:
Using a FTP Server, that store information that about the command.
The "A" computer have a while true loop to check whether the "B" computer uploaded any new information about the command. if yes, reconstruct the command and execute. After executed, the file on FTP Server will be deleted. And store a copy the "A" computer.
Way3:
this is similar to way2, but using database to store. After the command is executed, it will made as executed.
What is your suggestion about these 3 ways? Is that secure enough?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
通用方式:ssh 和 scp。
特定于可靠安全的数据库:取决于平台:Service Broker< /a>, Oracle AQ, < a href="http://en.wikipedia.org/wiki/IBM_WebSphere_MQ" rel="nofollow noreferrer">MQSeries。
不太好的主意:编写一个不了解安全性的套接字程序。
A generic way: ssh and scp.
Reliable secure database specific: depends on the platform: Service Broker, Oracle AQ, MQSeries.
Not so good idea: write a socket program w/o knowing anything about security.
您假设存在信任关系,但没有提供任何线索来说明您如何知道来自计算机 A 的有效负载是良性的。你打算如何防止计算机 A 发送一个任务,说“在掠夺所有银行帐户和密码后重新格式化你的硬盘驱动器?
您的选项都没有任何安全性,因此很难说哪个 FTP 要求用户知道 URL。如果您不允许匿名访问,则 2 比 1 更安全。2 和 3 都同样安全
,但我认为都没有什么风险。或者这里没有安全保障。
You're assuming a trust relationship without giving any clues as to how you know that the payload from computer A is benign. How do you plan to prevent computer A from sending a task that says "reformat your hard drive after plundering it for all bank accounts and passwords?
None of your options have any security, so it's hard to say which one is more secure. FTP requires that the user know the URL of your FTP server and, if you aren't allowing anonymous access, a username and password. That makes 2 more secure than 1. 2 and 3 are equally (in)secure.
All can work, but all are risky. I see little or no security here.
如果没有更多细节,为了安全起见,我所能建议的就是使用 SSL。
使用 FTP 或数据库服务器只会增加不必要的复杂性,并且可能不会获得任何实际价值。
如果您想要一个安全的解决方案,您将需要仔细描述您的环境、风险和攻击者。
你害怕被欺骗吗?拒绝服务?信息披露?拦截?
Without more details, all I can suggest for security is to use SSL.
Using FTP or a database server will just add needless complexity, potentially without gaining any real value.
If you want a secure solution, you will need to carefully describe your environment, risks, and attackers.
Are you afraid of spoofing? Denial of service? Information disclosure? Interception?
您在这里真正要实现什么?恕我直言,听起来您至少应该拿起一本有关信息安全的入门书。
What are you really implementing here? With all due respect, it sounds like you should pick up at least an introductory book on information security.
从您的示例来看,您似乎对防范恶意攻击和位操作不太感兴趣,但您想要的是可靠的交付。
查看消息队列解决方案,例如 MSMQ。
From your examples it seems that you aren't so much interested in securing against malicious attacks and bit manipulation but what you want is reliable delivery.
Have a look at a message queue solution, for example MSMQ.
这取决于您需要什么样的安全性。
如果保证送达 - 任何可以存储消息并在删除之前批准存储的方式都可以。
如果是关于发送者和接收者 ID,则应该使用证书。
如果涉及线路安全 - 您应该对消息进行加密。
如果您身处 Microsoft 世界,那么使用 WCF 可以实现所有事情。
如果您在 Linux 世界,还有其他库。
(例如,您可以使用 https post)。
It depends what kind of security you need.
if it is guaranteed delivery - anything way that makes the message stored and approve the storing before deletion will do.
if it's about the sender and the receiver id you should use certificates.
if it's about the line security - you should encrypt the message.
All things can be achieve using WCF if you're on the Microsoft world.
and there are other libraries if you're on the Linux world.
(you can use https post for example).