Second Hand National Bureau of Statistics Project: Some of my impressions and 8-point security measures

Source: Internet
Author: User

A few years ago, while the second hand was still operating, the second hand took on a project from the National Bureau of Statistics.


I did not personally take part, but I understand some of the circumstances of this project and have some of its documentation; the more important and simpler document is the list of common security measures that this article shares.


This project made me realize that the world I am aware of is only a small part of the real world. The world is too complex; I can only ever know part of the situation.


The information and knowledge each of us has are always limited, and you cannot know all the information and facts. Some people are better than you, probably because they have more valuable information in their possession.


In this world of the jungle there is no justice at all; the strong will be the boss.


Fewer complaints and more changes: that is the positive solution ~


The project's owner should be the "National Bureau of Statistics", the project was undertaken by "a state-owned enterprise", and the specific work was done by the "second hand."

It is said that the total price of the project was at least 3 million, of which the second hand may have received only 1 million. Considering only the construction of this project, with a duration of 2 months, 20 people involved, and frequent overtime, the second hand would not have made any money.


My analysis is that the second hand took this project in order to gain more resources, such as establishing business cooperation with state-owned enterprises and other interest groups ~


In this world, selfless feelings are always few; most of it is business, business and trade ~

------------------------------------------------------------------------

Security is handled mainly at the application layer and covers identification, access control, security auditing, software fault tolerance, resource control, and communication confidentiality.
Each is described below:
1. Identification:
At registration, the user is required to provide a user name, password, and verification code as identity, which prevents malicious programs from registering.
At login, the submitted data is verified against the encrypted password. Data pages are accessed using the user ID as the identity, and the user's data is retrieved by it.

2. Access control:
Some operations require permission control, such as downloading workspace data and sharing data. When a user uses these features, the user's login status is verified first.

3. Security audit:
Each request URL is written to the log file and can be parsed later.

4. Software fault tolerance:
The website is served by two servers behind an Nginx reverse proxy; when one server goes down, Nginx directs all traffic to the server that is still serving normally.

5. Resource control:
Monitoring software monitors the operation of the site and raises an alarm if a server anomaly occurs.

6. Communication confidentiality:
For now only the user password is encrypted. If the user chooses to save the password, a random value is stored in a cookie and compared with the database on the next visit.


7. Database backup in two rooms:
To prevent accidental data loss, a remote backup of the database is required.

8. SQL injection and cross-site attacks:
The website processes incoming parameters before executing SQL, avoiding the risk of SQL injection. The front-end page also encodes special characters to avoid the risk of front-end injection.
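As an added example, not code from the article or from the project it describes, the following shows one way to implement the login check of point 1 and the "save password" cookie of point 6 so that the database holds only hashes: the cookie carries a random token, the database stores the token's hash with an expiry, and comparisons are constant-time. The user and token tables are constructed in-memory stand-ins, since the article gives no schema.

```python
import hashlib
import hmac
import secrets
import time

# Constructed stand-ins for the site's database tables (assumption: the
# article does not describe its schema).
USERS = {}            # username -> {"salt": bytes, "pw_hash": bytes}
REMEMBER_TOKENS = {}  # sha256(token) -> {"user": str, "expires": float}
TOKEN_TTL = 30 * 24 * 3600  # "save password" cookie lifetime: 30 days


def _hash_password(password, salt):
    # Slow, salted hash so a leaked table cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = {"salt": salt, "pw_hash": _hash_password(password, salt)}


def check_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        return False
    candidate = _hash_password(password, rec["salt"])
    # Constant-time comparison: no timing leak on how many bytes matched.
    return hmac.compare_digest(candidate, rec["pw_hash"])


def issue_remember_token(username, now=None):
    """Return the random value to place in the cookie; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    REMEMBER_TOKENS[key] = {"user": username, "expires": now + TOKEN_TTL}
    return token


def user_from_remember_token(token, now=None):
    """Map a cookie value back to a user, or None if unknown or expired."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    rec = REMEMBER_TOKENS.get(key)
    if rec is None or now > rec["expires"]:
        REMEMBER_TOKENS.pop(key, None)  # drop expired entries on first use
        return None
    return rec["user"]
```

Looking the cookie up by its hash means a database dump does not yield usable cookies, and deleting the row (on logout or password change) revokes the cookie immediately.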

------------------------

This article is relatively simple, but its content is meaningful and not sensitive, so I am sharing it.

In the future, more valuable and less sensitive content will be shared.

Copyright notice: This article is the blogger's original work and may not be reproduced without the blogger's permission.
