本文强调了在现代云计算环境中,安全设计对于软件开发的重要性。安全不应作为后期附加项,而需从设计之初即全面考虑,并贯穿整个开发流程。文章详细介绍了在应用层面保障安全的具体措施,包括保护用户数据、验证数据来源等。
In the cloud-enabled, highly networked world of modern computing, security is one of the most important facets of proper software engineering.
The most important thing to understand about security is that it is not a bullet point item. You cannot bolt it on at the end of the development process. You must consciously design security into your app or service from the very beginning, and make it a conscious part of the entire process from design through implementation, testing, and release.
在能使用云,高度网络化的现在编程领域,安全是好的软件编程需要重视的。
需要理解的,关于安全的重点问题是它不是一个重点项目。你不能把它放在编程的最后阶段。你必须吧安全设计在你app和服务的开始、设计的实现,测试和发布上。
At a Glance
At the application layer, security means being aware of how your code uses information and ensuring that it does so safely and responsibly. For example, it is your responsibility to:
- Keep users’ personal data safe from prying eyes. Store the data in a secure way, and ensure that your software collects only the information that it requires.
- Treat untrusted files and data with care. If your software accesses the Internet or reads files that might have previously been sent to someone over the Internet, your software must properly validate the data. If it does not, it might inadvertently provide a vector for attackers to access other personal data that may be stored on the user’s computer or other mobile device.
- Protect data in transit. If your software transmits personal information over the Internet, you must do so in a safe and secure fashion to prevent unauthorized access to or modification of the data while in transit.
- Verify the authenticity of data where possible. If your software provides access to or works with signed data, it should verify those signatures to ensure that the data has not been tampered with.
在应用层面,安全意味着意识到你的代码使用的信息和确保信息是安全的和可信赖的。例如,以下这些是你的职责
* 保证用户数据安全,不被别人窥探。用安全的方式存储数据。确保你的软件搜集的数据都是必须的
* 小心的对待不受信任的文件和数据。如果你从网络上读取之前发送给别人的文件,你的软件需要验证数据的合法性。如果你不这样做的话,你可能为攻击者访问用户数据提供了一个通道。
*在数据传输中保护数据。如果你的软件在网络上传递个人信息,你需要保护数据在传输的过程中不被访问和修改
*在需要的地方,验证数据的可靠性。如果你的软件提供或访问了签名数据,你需要验证这些签名,确保数据没有被修改
扫一扫
2144
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
