September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
214
第 14章
部署代码
撰写人:
Jeremiah Spradlin
、
Mark Lodato
、
Sergey Simakov
和
Roxana Loza
在生产环境中运行的代码是否是我们以为的那样?系统需要控件来预防或检测不安全
的部署操作:部署本身会更改系统,而任何这些操作都可能引入可靠性或安全性问题。
为了避免部署不安全的代码,需要在软件开发生命周期的早期阶段就开始管控。本章
首先定义了软件供应链威胁模型,并分享防范这些威胁的最佳实践。然后,本章会深
入探讨高级缓解策略,例如可验证的构建和基于来源的部署策略。最后给出一些关于
如何部署此类变更的实用建议。
前几章讨论了在编写和测试代码时如何考虑安全性和可靠性。但在构建和部署之前,代码
不会产生实际的影响。因此,仔细考虑构建和部署过程中所有因素的安全性和可靠性是很
重要的。仅仅通过检查工件本身难以确定已部署工件是否安全。管控软件供应链的各个阶
段有助于增强软件的安全性。例如,代码审查可以减少出错的概率并阻止恶意篡改的发
生,而自动测试有助于使代码正确地运行。
围绕编写、构建和测试的基础架构做管控的效果有限,因为攻击者可通过直接部署到系统
中来绕过这些机制。因此,系统应该拒绝并非来自正确软件供应链的部署操作。为此,供
应链中的每一步都必须能够提供证据来证明其已正确执行。
14.1
概念和术语
我们使用术语“软件供应链”来描述编写、构建、测试和部署软件系统的过程。通常,这
些步骤需要版本控制系统(
version control system,
VCS
)、持续集成(
continuous ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.