问题描述
我在寻找的正确的方式来验证互连的Node.js应用的建议。用例是一般的:共享工作任务,同步数据或控制/监控通道。数据库已经验证,但对于应用程序本身?
I'm looking for advise on the 'right way' to authenticate interconnecting node.js applications. The use case is general: to share work tasks, sync data or for a control/monitoring channel. Databases have authentication, but what about the applications themselves?
什么是入侵者的风险(从外部或网络上的)滥用你的内部连接?它是否会发生?
What's the risk of intruders (from outside or on the network) to abuse your internal connections? Does it happen?
我发现很多集群合作模块从使用原始套接字喜欢zeromq,但例子从来没有真正提到安全方面,只是连接到某些IP /端口。但是,你会怎么做,以确保将加入劳动力的新的工作是没有敌意?如何做一个工人知道它没有被用于不可告人的目的?
I find lot of cluster cooperation modules ranging from using raw sockets to like zeromq, but the examples never really mention the security aspect and just connect to some ip/port. But what do you do to make sure the new worker that's joining the workforce is not hostile? How does a worker know it's not being used for nefarious purposes?
我想在云托管的网络不太敌对然后打开互联网(IS它???),不过,你是做什么样的事情呢?我想说的内部HTTPS所有的路实在是太多了,但你会怎么做匹配的身份?你把每个节点上的一些证书?什么样的?那你怎么检查呢?当你穿上它?
I assume the network in a cloud hosting is less hostile then open internet (IS it???), but still, what kinds of things do you do? I'd say internal https all-the-way is too much, but what do you do to match identities? Do you put some certificate on each node? What kind of? Then how do you check it? When do you put it on?
如果我的数据库可以用一个简单的ID / PASS的(纯文本还是什么?),然后我应该应用集群呢?如果是这样,你如何保护和管理的ID信息?
If my database can do with a simple id/pass (plain text or what?) then should my application cluster too? If so, how do you secure and manage the id info?
有一个基本的解决办法是用ssh一些自定义标记到每个节点,并在应用中为每个连接节点的一些混杂方式检查,但我没有好的行业惯例的想法所以你觉得呢?
A basic solution could be to ssh some custom tokens to each node and check in application with some hashing scheme for each connecting node but I have no idea of good industry practice so what do you think?
推荐答案
如果您使用的是像ZeroMQ或Redis的解决方案,确保你为他们设置一个密码。
If you are using solutions like ZeroMQ or Redis, make sure you set a password for them.
你的流程做完全是你的责任。您应该确保您的应用程序没有任何设计上的缺陷,所以只有你(在服务器端)或认证用户可以通过管道发送信息(例如,如果你正在设计一个聊天确保只有经过身份验证/注册用户可以发送邮件)。
What your processes do is entirely your responsibility. You should make sure your application doesn't have any design flaws, so only you (from the server side) or authenticated users can send messages through the "pipeline" (for example if you are designing a chat make sure that only authenticated/registered users can send messages).
如果你希望你的本地网络上额外的安全性,您可以使用。
If you want extra security on your local network, you could use iptables.
这篇关于什么是node.js的应用程序/工人/集群互连牢固的基础知识?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!