November 2021
Beginner to intermediate
239 pages
4h 15m
Chinese
Content preview from Dapr学习手册
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
安全
|
139
让我们从最明显的关注点开始:访问控制。
4.1.1
访问控制
保护中央服务器相对容易,因为你可以完全控制托管环境。例如,你可以设
置防火墙规则和负载均衡器策略来限制对特定客户端
IP
段和端口的访问。你
还可以与中心身份提供者(如
Active Directory
)集成,以启用集中身份验证
和授权。
这两个术语经常被混淆。简单地说,身份验证(
authentication
)回答了问题“你
是谁?”,授权(
authorization
)回答了“你被允许做什么”的问题。
当你在云上托管应用程序时,你应该利用云平台提供的安全特性。现代云平
台提供的安全特性与你在本地可用的类似,因此你可以使用熟悉的技术和概
念(如网络安全组、
RBAC
、基于证书的身份验证和防火墙)来管理访问控制。
当你试图管理分布式系统的安全性时,事情变得更加复杂,因为你经常需要
处理分散的计算资源、不可信的连接和异构技术堆栈。在处理常见的安全挑
战(如建立身份、设置访问控制策略和通过网络进行通信)时,你必须重新
考虑你的策略。
4.1.1.1
身份识别
应用程序需要处理两种类型的身份:用户身份和服务身份。用户身份标识特
定用户,而服务身份标识服务或流程。你可以为这两种类型的标识定义访问
控制策略(下面讨论)。例如,可以授予用户身份对关系数据库表的读访问
权限,还可以限制服务身份进行任何出站连接。
Microsoft Azure Active Directory
(
AAD
)等服务允许你为用户和服务建立
和管理标识。在这种情况下,
AAD
被称为受信任的身份提供者 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.