如何“开源”具有敏感数据(Sql、支付等)的项目?

发布于 2024-11-09 14:52:32 字数 400 浏览 3 评论 0原文

我有一个问题...我正在为我的(去年)学校项目创建一个软件。该项目将是 Steam、App Store 和 Ubuntu 软件中心的混合体,每个人都可以下载游戏、创建和发布游戏(免费或免费)、同步音乐并随处收听等等……

问题是,我必须处理 2 种(目前)只有我可以查看的重要数据类型,我正在谈论 sql 代码(例如,检查用户是否可以下载某些内容,如果他已经付费),其中涉及到我的连接个人 Sql Server,以及付款(收款和汇款使用贝宝...)。

但是,如果我编写代码,然后将其放在网上,任何人都可以使用该代码来更改它、改进它等等(我想要的!),或者更改结构,这样他就可以拥有免费的东西,而无需付费或发送很多垃圾邮件,甚至带有病毒的假东西(我不想要)...

有没有办法让两者一起工作:S?

提前致谢, 路易斯·达·科斯塔

I have a question... I am creating a software for my (last year) school project. The project will be a mix of Steam, App Store and Ubuntu Software Center, where everyone can download games, create and publish them (free or not), synchronize their music and listen everywhere and more...

The problem is, I have to deal with 2 (for now) important types of data that only I can view, I am talking about the sql code (to check if the user can or not download something if he has already pay for it for example) which involves connections to my personal Sql Server, and the payments (Receiving and Sending money using paypal...).

But if I make the code, and then put it online anyone can use the code to change it, improve it etc.. (which I want!), or, to change the structure so he can have free stuff without paying or sending a lot of spam or even fake stuff with virus (which I don't want)...

Is there a way to make the two work together :S ?

Thanks in Advance,
Luis Da Costa

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

请远离我 2024-11-16 14:52:32

要解决在应用程序中保留个人信息的问题,您可以执行以下操作:

  1. 将所有个人/敏感信息分解到某种配置/设置文件中
  2. 创建一个作为配置文件示例的文件,并将其命名为 < ;realfilename>.sample
  3. 使用您正在使用的任何版本控制系统的机制来忽略实际的配置文件(例如将其放入您的 .gitignore.hgignore等)

这样,想要在自己的服务器上使用您的应用程序的人将无法访问您的个人信息,但仍然可以知道如何运行他们自己的应用程序版本。

至于您对人们编写恶意代码的担忧,这是不可能的,特别是如果您观察代码库中包含哪些代码。识别恶意内容应该很容易(如果有人尝试过,这不太可能)。如果您担心人们改变他们的客户端,那么您需要实施一些检查以确保客户端是普通的。

To solve the issue of keeping personal info in the application, here's what you do:

  1. Factor all the personal/sensitive info into some kind of config/settings file
  2. Create a file that is an example of a config file and call it <realfilename>.sample
  3. Use whatever version control system you're using's mechanism to ignore the actual config file (e.g. put it in your .gitignore, .hgignore, etc.)

That way, people that want to use your application on their own server won't have access to your personal info but can still know how to run their own version of the application.

As for your concerns about people writing malicious code, this is unlikely, especially if you watch what code is going in to your codebase. It should be pretty easy to recognize malicious stuff (if someone ever tries, which is unlikely). If you're concerned about people altering their clients, then you'll need to implement some checks to make sure the client is plain-vanilla.

零時差 2024-11-16 14:52:32

从代码中取出所有敏感数据并将其放入某种配置中(文本文件、本地数据库)。另外,如果您当前已控制此项目版本并且要提供历史记录,则应确保从您的 vcs 中删除此信息

Take all the sensitive data out of the code and put it into some kind of configuration (text files, local database). Also if you currently have this project version controlled and you are going to make the history available you should make sure you delete this info from your vcs

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文