September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
建立安全可靠的文化
|
339
升级软件,或试图将敏感数据上传到未经批准的云存储系统时。当用户看到重要的实时
告警时,可以自行做出更好的决定以避免错误
7
。另一方面,正如在第
13
章中讨论的那
样,向开发人员提供预先提交的安全性和可靠性提示,有助于他们在开发代码时做出更
好的选择。
21.1.4
说
“
是
”
的文化
随着时间的推移,尤其是在经历过安全漏洞或可靠性问题导致收入损失或其他不良后果
的情况下,组织可能会形成一种保守的风险文化。在一种极端的情况下,这种心态可能
会导致一种
说
“
不
”
的文化
:倾向于避免危险的变更以及由此可能带来的负面后果。当
借着安全性或可靠性的名义长期存在时,说“不”的文化会导致组织停滞,甚至阻碍创
新。我们发现,健康的组织有一种方法来应对说“是”时要面临的挑战,即会面临一些
风险。也就是说,要有意识地冒风险。要以这种方式拥抱风险,通常需要有能力评估和
衡量风险。
举一个具体的例子,本书第
8
章描述了保护
Google App
Engine
的方法,
Google App
Engine
平台可运行未经验证的第三方代码
。在这种情况下,
Google
的安全团队可能会认
为发布这款产品的风险太大。毕竟,运行任意不受信任的代码是众所周知的安全风险。例
如,管理代码的第三方可能会是恶意的,并试图逃逸出平台的执行环境,入侵基础设施。
为了解决这一风险,我们的产品团队和安全团队展开合作,开发出一款分层的、经过加固
的系统,使得我们能够发布一款原本看起来过于危险的产品。因为团队之间已经建立起了
信任关系,所以随着时间的推移,这类协作使得在平台上构建额外的安全措施变得越来越 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.