September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
面向易理解性的设计
|
83
面的攻击。
但是有一点需要特别注意:
T
ink
不能避免加密代码中高级别的设计错误。例如,没有足够
密码学背景的软件开发人员可能会选择通过散列来保护敏感数据。如果所涉及的数据来自
一组(在密码学概念中)规模相对较小的数据,例如信用卡或社会保障号码,则数据是不
安全的。在这种情况下,使用加密散列而不是认证加密是设计层面的错误,这种错误高于
Tink API
的维度。安全审查人员不能仅仅因为代码使用
T
ink
而非其他加密库,就断定程序
中没有这种错误。
软件开发人员和审查人员必须关注库和框架能保证以及不能保证哪些安全和可靠的属性。
Tink
可防止许多可能导致低级加密漏洞的错误
,但不能防止基于使用错误的加密
API
(或
者根本不使用加密)的错误。类似地,安全构造的
We
b
框架可以防止
XSS
漏洞,但不能
防止应用程序中业务逻辑的安全缺陷。
6.5
小结
易理解性系统中体现的可靠性和安全性优势,是深刻且紧密相连的。
尽管“可靠性”有时被视为“可用性”的同义词,但这一属性实际上意味着系统的所有关
键设计的保证:可用性、持久性和安全不变量等。
我们构建易于理解的系统的主要指导思想是,使用清晰的、有约束的组件来构造系统。其
中一些组件可能构成其可信计算的基础,因此可以集中解决安全风险。
本章中还讨论了在这些组件内部和外部实施所需属性的策略,如安全不变量、弹性架构和
数据持久性。其中包括以下策略。
•
窄、一致、类型化的接口。
•
一致且精心实现的身份认证、授权和账号管理策略。
•
为活动实体分配明确的身份标识,无论是软件组件还是人工管理员。 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.