Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Secure by default principle

2025-03-30 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

1. Principle of blacklist and whitelist

Use whitelists as much as possible, not blacklists. For example, when you want to do restriction filtering, only provide a trusted whitelist, rather than provide an untrusted blacklist

Filtering the list is much more effective. In addition, you should be careful with the use of wildcards such as * in the whitelist.

2. The principle of minimum authority

That is to note that the system only grants the necessary permissions to the topic, not over-authorization. This can effectively reduce the chances of errors in systems, databases, networks, applications, etc.

3. Defense in depth principle

There are two meanings:

A: security programs are implemented at different levels and in different aspects.

For example, when designing the security scheme, we should take into account different aspects such as web application security, os system security, database security, network environment security and so on. Together to form a defense system.

B: to do the right thing in the right place is to implement effective and targeted programs where the fundamental problems are solved.

For example, when filtering the html entered by the user, it is necessary to analyze the syntax tree first, rather than rough < filtering, so as not to cause the user to express as 1.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report