MAMP and DynDNS security

Posted 2024-09-29 07:42:42 · 107 characters · 6 views · 0 comments

I have set this up so I can test sites and let my client see them, the thing is I am worried about potential security to my local machine.

I port forwarded port 80. What's the risk if any?

Thanks,

R.

Comments (1)

ぃ双果 2024-10-06 07:42:42

First, know that no matter what you do, there are always risks, so you should instead be thinking about mitigating these risks. Some of the main attack points you should consider:

  • dyndns - how strong is your password, and do you log in via https? If your account here is compromised someone can hijack your clients.
  • router - can your router be compromised, allowing unwanted traffic on your local network? For this, if you're using a commercial router (rather than a computer hooked directly up to the WAN, which I would recommend against), then make sure to keep it updated with the latest firmware.
  • operating system - your OS may have vulnerabilities. It's good that you're only accepting traffic on port 80, but still keep it patched and keep an eye on vulnerabilities as they are discovered.
  • web server - this is a big one, as it's responsible for handling the incoming requests. Exploiting a vulnerability here can allow someone to take over your computer. Consider locking down access here by using http auth. It won't prevent people who really want to get through, but it will block search engines and many script kiddies, in case you have an issue with the app itself.
  • web app - I won't mention common attacks here (sql injection, xss, csrf, ...) because that would take up a book, but remember that if people other than your clients see your app, you may be exposing data you intended to be private, and depending on what your app does / how it's coded / what platform it runs on, you could be exposing your computer to some royal pwnage. Locking it down behind a firewall (router) and simple auth is a good start, and probably enough for your needs, but keep an eye on your access and system logs, and change the http auth passwords regularly (since you're giving them to clients).
  • (these just scratch the surface, as I'm sure you can point out many other attack vectors as well)

Other Ideas:

  • only bring up the site for demos, and use different auth credentials for each demo. This way you don't have to care much about the password security, and you mitigate the risk of being attacked when you don't expect it. (so shut off the forwarding when you're not giving a demo)
  • get a cheap rackspace, ec2, linode or a free heroku test account for these demos. You still have to worry about security of the server and your apps, but if they are compromised you're not going to lose the personal data on your home computer.
  • similar to the point above, if you must run on your home network, consider getting a cheap linux box just for hosting your sites, and put this on a separate network partition from your personal computers.
  • ssl certs are always a good idea if your app is sending/receiving confidential data.
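An added example, not part of the answer above, for the "keep an eye on your access logs" advice: a Python script that reads MAMP's Apache access log (combined format) and flags the two things HTTP auth makes visible, repeated 401s from one address and successful authenticated requests from an address other than the client you gave the credentials to. The sample log lines, the expected client address and the failure threshold are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format (MAMP's Apache uses it for access logs):
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines, not real traffic; addresses come from the RFC 5737
# documentation ranges, and 203.0.113.7 plays the client who was given demo credentials.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Oct/2024:09:00:01 +0000] "GET / HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.7 - demo-acme [06/Oct/2024:09:00:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [06/Oct/2024:09:01:10 +0000] "GET /admin HTTP/1.1" 401 381 "-" "python-requests/2.31"
198.51.100.23 - - [06/Oct/2024:09:01:11 +0000] "GET /admin HTTP/1.1" 401 381 "-" "python-requests/2.31"
198.51.100.23 - - [06/Oct/2024:09:01:12 +0000] "GET /login HTTP/1.1" 401 381 "-" "python-requests/2.31"
198.51.100.9 - - [06/Oct/2024:09:02:00 +0000] "GET /robots.txt HTTP/1.1" 401 381 "-" "SomeBot/1.0"
192.0.2.55 - demo-acme [06/Oct/2024:09:05:30 +0000] "GET /report.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def review_access_log(log_text, expected_client_ips, max_failures=3):
    """Two checks for a demo site behind HTTP auth:
    1. an IP with >= max_failures 401 responses is probably guessing credentials;
    2. an authenticated 2xx/3xx from an IP outside expected_client_ips means the
       shared demo credentials are being used by someone you did not give them to."""
    failures = Counter()
    unexpected = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in combined format
        status = int(rec["status"])
        if status == 401:
            failures[rec["ip"]] += 1
        elif rec["user"] != "-" and status < 400 and rec["ip"] not in expected_client_ips:
            unexpected.append((rec["ip"], rec["user"], rec["path"]))
    guessing = sorted(ip for ip, n in failures.items() if n >= max_failures)
    return {"failed_auth_by_ip": dict(failures), "guessing_ips": guessing,
            "unexpected_logins": unexpected}


if __name__ == "__main__":
    print(review_access_log(SAMPLE_LOG, {"203.0.113.7"}))
```

Point it at MAMP's real access log (read the file into `log_text`) and run it after each demo; a non-empty `unexpected_logins` list is the signal to rotate the demo credentials.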