Network Programming (IV): Which security issues need to be considered when implementing a TCP socket server on the Internet

Tags: connection pooling, asymmetric encryption


This was originally Auxten's answer to the question "Which security issues need to be considered when implementing a TCP socket server on the Internet?"

Recently I have been asked about this issue several times, so I am republishing it in my column in the hope that it helps more people.

First of all, this is a big topic. I was previously in charge of developing several externally facing services at 360, so I have a little experience with it; I will try to answer.

I divide security issues in the Internet environment into the following main categories:

    • 1. Information being stolen by attackers while in transit

    • 2. Security of the server itself

    • 3. Security of server-side data

First, use HTTPS wherever you can, and use a widely deployed server such as Nginx wherever you can. Using a common server mainly avoids the following problems:

    • A protocol and server you implement yourself may contain all sorts of bugs, such as buffer overflows that can be attacked.

    • The SSL encryption system is mature enough to be trusted for protection against eavesdropping.

Fortunately, attacking a service with a private protocol requires the attacker to first analyse the protocol, which adds a layer of protection for ordinary small services. But if you work at a big company, a tall tree catches the wind: the service must at least be theoretically free of security holes. Do not do self-deceiving things like obfuscating with a bit of XOR, or hard-coding a symmetric key into both the client and the server; otherwise it will end very badly.

If you do need to implement the server side yourself, implementing a sound equivalent of SSL is a real test of your fundamentals:

    • First you need to understand the principle of key exchange in the SSL encryption system

    • A deep understanding of symmetric and asymmetric cryptographic algorithms

    • How to implement a key exchange system using an asymmetric encryption algorithm

    • How to handle CA certificates, and how to avoid man-in-the-middle attacks when using self-signed certificates

During project implementation, consider:

    • Various possible buffer overflow attacks

    • SYN flood attacks and slow-connection attacks

    • DDoS is difficult to defend against, but you can at least protect against DoS attacks.
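
The slow-connection and resource-exhaustion points above in working code, as an added example (not from the original post): an asyncio line-protocol server that drops any client that does not send its first line within a timeout and caps concurrent connections per source address. The limits and the `run_demo` driver are constructed for illustration; SYN floods themselves are handled below the application, in the kernel's TCP stack, and are not shown.

```python
import asyncio
from collections import defaultdict

HEADER_TIMEOUT = 0.5      # seconds a client may take to send its first line (constructed value)
MAX_CONN_PER_IP = 2       # concurrent connections allowed per source address (constructed value)
_active = defaultdict(int)  # source IP -> number of open connections


async def handle(reader, writer):
    """Serve one TCP client; release its slot if it is too slow or its IP holds too many."""
    ip = writer.get_extra_info("peername")[0]
    if _active[ip] >= MAX_CONN_PER_IP:
        writer.close()        # one source may not occupy more than its share of slots
        return
    _active[ip] += 1
    try:
        try:
            line = await asyncio.wait_for(reader.readline(), HEADER_TIMEOUT)
        except asyncio.TimeoutError:
            return            # slow-connection client (slowloris style): free the slot
        writer.write(b"OK " + line.strip() + b"\n")
        await writer.drain()
    finally:
        _active[ip] -= 1
        writer.close()


async def _demo():
    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    # Constructed slow client: opens the connection but never sends a request line.
    slow_r, slow_w = await asyncio.open_connection("127.0.0.1", port)
    slow_got = await slow_r.read()        # b"" once the server has dropped it
    slow_w.close()
    # Constructed well-behaved client: sends its request line immediately.
    fast_r, fast_w = await asyncio.open_connection("127.0.0.1", port)
    fast_w.write(b"GET /ping\n")
    await fast_w.drain()
    fast_got = await fast_r.readline()
    fast_w.close()
    server.close()
    await server.wait_closed()
    return slow_got, fast_got


def run_demo():
    """Returns (what the slow client received, what the fast client received)."""
    return asyncio.run(_demo())
```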

At the business logic level, consider:

  • User and permission verification for each interface

  • Can the interface be used for replay attacks?

  • Can an attacker find an interface that lets them consume a lot of server resources at little cost to themselves?

  • Can users' usernames and passwords be brute-forced through an interface? See the celebrity photo hack.

  • Can your service be exploited by hackers to attack other services, especially a service that fetches resources based on user input?

  • The ancient SQL injection

  • Shameless phishing services and DNS spoofing

  • If HTML is involved, also consider cross-site attacks...
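
The per-interface verification and replay-attack points above in working code, as an added example (not from the original post): each request is signed with a per-user secret over the user, method, path, body, timestamp and a fresh nonce, and the server rejects tampered, stale and replayed requests. The user secrets, the skew window and the header layout are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed per-user secrets. In a real service each secret is issued to that user by the
# server (e.g. at login); it is never one key hard-coded into the client binary.
USER_SECRETS = {"alice": b"constructed-secret-for-alice"}
MAX_SKEW = 60.0      # seconds: requests older (or newer) than this are rejected outright
_seen_nonces = {}    # nonce -> time it was accepted; only authenticated requests land here


def _canonical(user, method, path, ts, nonce, body):
    """Bind every field the server acts on into one byte string for the MAC."""
    return b"\n".join([user.encode(), method.encode(), path.encode(),
                       ts.encode(), nonce.encode(), body])


def sign_request(user, method, path, body, now=None, nonce=None):
    """Client side: produce the auth headers for one call to one interface."""
    ts = str(int(time.time() if now is None else now))
    nonce = nonce or secrets.token_hex(16)          # fresh per request
    mac = hmac.new(USER_SECRETS[user], _canonical(user, method, path, ts, nonce, body),
                   hashlib.sha256).hexdigest()
    return {"user": user, "ts": ts, "nonce": nonce, "mac": mac}


def verify_request(hdr, method, path, body, now=None):
    """Server side: (ok, reason). Checks identity, integrity, freshness, replay, in that order."""
    now = time.time() if now is None else now
    secret = USER_SECRETS.get(hdr.get("user", ""))
    if secret is None:
        return False, "unknown user"
    try:
        ts, nonce, mac = hdr["ts"], hdr["nonce"], hdr["mac"]
        ts_int = int(ts)
    except (KeyError, ValueError):
        return False, "malformed headers"
    expected = hmac.new(secret, _canonical(hdr["user"], method, path, ts, nonce, body),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False, "bad signature"        # also catches a changed method, path or body
    if abs(now - ts_int) > MAX_SKEW:
        return False, "stale timestamp"      # bounds how long a captured request stays usable
    # Expire nonces outside the window so the replay table cannot grow without bound.
    for old in [n for n, t in _seen_nonces.items() if now - t > MAX_SKEW]:
        del _seen_nonces[old]
    if nonce in _seen_nonces:
        return False, "replayed nonce"       # the same signed request seen again in the window
    _seen_nonces[nonce] = now
    return True, "ok"
```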

Even if you do everything perfectly, consider that a teammate may sometimes drop the ball:

    • Base libraries such as glibc and OpenSSL also have vulnerabilities; see Heartbleed

    • Other services on the same host may be compromised

After writing all this down, I don't feel so good.

For encryption and decryption algorithms, see the article "Encryption & Hash Algorithms: A Primer for Programmers" in my Zhihu column.


Copyright belongs to the author.

For commercial reprints please contact the author for authorization; for non-commercial reprints please credit the source.
The author's Zhihu column:
Link: http://zhuanlan.zhihu.com/auxten/20315482
This is a series of articles; four of the five have been written and will continue to be moved to linuxtone. Readers who can't wait can read:

    • Network Programming (V): Applications for long connections & connection pooling

    • Network Programming (VI): Ports, those things


This article is from the "Reboot DevOps Development" blog; please be sure to keep this source: http://opsdev.blog.51cto.com/2180875/1727062
