Shulou(Shulou.com)06/01 Report--

1. Principle of blacklist and whitelist

Use whitelists as much as possible, not blacklists. For example, when you want to do restriction filtering, only provide a trusted whitelist, rather than provide an untrusted blacklist

Filtering the list is much more effective. In addition, you should be careful with the use of wildcards such as * in the whitelist.

2. The principle of minimum authority

That is to note that the system only grants the necessary permissions to the topic, not over-authorization. This can effectively reduce the chances of errors in systems, databases, networks, applications, etc.

3. Defense in depth principle

There are two meanings:

A: security programs are implemented at different levels and in different aspects.

For example, when designing the security scheme, we should take into account different aspects such as web application security, os system security, database security, network environment security and so on. Together to form a defense system.

B: to do the right thing in the right place is to implement effective and targeted programs where the fundamental problems are solved.

For example, when filtering the html entered by the user, it is necessary to analyze the syntax tree first, rather than rough < filtering, so as not to cause the user to express as 1.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.