通过第三方防火墙在两个系统之间连接数据的最佳方式?
我参与了一个项目,我们基本上将从学区防火墙内的两个或三个内部系统接收数据,并聚合和整理数据以在学生/家长可以登录查看的网站上展示只有他们的具体数据。内部系统由另一家软件供应商提供,我们与该供应商有着良好的合作关系,并将与他们合作为我们提供数据的 API。我们将每天左右获取一次数据快照。学区想要我们的系统,但他们担心内部数据的安全和隐私。我们不想从他们的服务器托管 Web 应用程序(一场噩梦),因此我们将与“内部”软件提供商合作,让他们为我们提供通过学区防火墙对数据的安全访问。我们将在几周内向学区的 CIO 提交一份提案,说明我们打算如何做到这一点并确保数据的安全和私密。
所以我的问题是:
有人能指出我通常使用哪些类型的 API 在两个系统(一个在内部,一个在外部)之间进行这种类型的安全、私有数据传输的正确方向吗?目前,数据流将是单向的(这意味着我们只会查询,不会更新),并且每天一次左右的整个数据库的快照可能就足够了。我希望学区 IT 部门的配置尽可能少,并且尽可能简单但有用。我研究过 SOAP、REST、SFTP、HTTPS 和 SSH/SOCKS,但在整理它们时遇到了困难。我确信有一种执行此类数据批处理的标准方法,因此,如果有人能给我指出正确的方向或提供一些观点,我将不胜感激!我的专长是编码,之前没有深入研究过这种类型的网络管理。
顺便说一句,我的应用程序是 Django/Python 。 。 。但我们有很多 Java 经验,所以应该有一些灵活性和能力。
I am involved in a project, where we will basically be receiving data from two or three internal systems that are inside of a school district's firewall, and aggregating and massaging the data for presentation on a website that students/parents can log in to to see only their specific data. The internal systems are provided by another software vendor, who we have a good working relationship with and will be working with to provide us with an API to the data. We will be getting a snapshot of the data once a day or so. The school district wants our system, but they are concerned about security and privacy of their internal data. We do not want to host the web application from their servers (a nightmare), and so we are going to working with the "inside" software provider to have them provide us with secure access to the data through the district's firewall. We will be presenting a proposal to the District's CIO in a few weeks about how we intend to do this and keep the data safe and private.
So here is my question:
Can someone point me in the right direction of what types of API's are typically used to do this type of secured, private data transfer between two systems (one on the inside, one on the outside)? For now, the data flow will be one-directional (meaning we'll only be querying, not updating), and a snapshot of the whole database once a day or so may be good enough. I would prefer it to require as little configuration by the school district's IT dep't as possible and be as simple but useful as possible. I've looked at SOAP, REST, SFTP, HTTPS and SSH/SOCKS, but am having trouble sorting it all out. I am sure there is a standard way of doing this type of data batch, so if someone could point me in the right direction or provide some perspective, that would be much appreciated! My expertise is in coding and haven't delved a lot into this type of network administration before.
By the way, my app is Django/Python . . . but we have lots of Java experience so should have some flexibility and power there.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
最简单的方法是使用 SFTP 和安全证书。
在源头,您将必须传输的信息设置为哑文件数据。您获取该文件转储并使用证书的公钥对其进行加密。
您通过 SFTP 发送文件。
然后,您获取收到的加密文件,使用您的私钥对其进行解密,并使用它。
我想 SOAP 解决方案可以工作,但如果数据哑元变得更大,您可能会遇到限制(我确信它会:P)。
所以最简单的方法就是文件传输。只需确保连接是安全的,并且在发送文件之前对文件进行加密,作为额外的安全措施。
The easiest way would be with SFTP and security certificates.
At the source you make a file data dumb of the info you must transmit. You take that file dump and encrypt it with a certificate's public key.
You send the file over SFTP.
You then take the received encrypted file, decrypt it with your private key, and consume it.
I guess a SOAP solution could work but you could hit limitations with it if the data dumb becomes larger in size (and I'm sure it will :P).
So the simplest way is a file transfer. Just make sure the connection is secured and that you encrypt the file before sending it as an extra measure of security.