什么编程实践可以帮助减少入侵我的应用程序或数据库的可能性？ [英] What programming practise can help reduce the probability of hacking into my app or is database?

问题描述

-3
下来投票

最爱





我正在写一个桌面应用程序在C ++ for windows中。它将紧跟web版本（在PHP中，然后在asp中），Linux，Mac，android，blackberry和iOS版本。



数据库将是托管在谷歌云或公司网站托管位置。



什么编程练习可以帮助减少入侵我的应用程序或数据库的可能性？



我的顾虑是：



我在连接字符串的痛苦文本中写入数据库连接密码。有没有办法在连接字符串中以非纯文本写入数据库连接密码？



我计划使用我的程序直接连接到远程数据库连接字符串。我是不是更明智地与像php这样的服务器端脚本进行套接字连接，让服务器端脚本进行数据库查询和访问并将结果返回给我的应用程序？



哪个更好使用证书，使用ssl或使用公钥/私钥对保护从客户端发送到服务器的数据？



事实是我不知道黑客攻击，我必须向用户保证他们的数据是安全的。

-3 down vote
favorite


I am writing a desktop app in C++ for windows. It will be followed closely with the web versions( in PHP, then in asp), versions for Linux, mac,android, blackberry and iOS.

The database will be hosted in google cloud or the company website hosting location.

What programming practice can help reduce the probability of hacking into my app or is database??

My concerns are:

I write database connection password in pain text in connection strings. Is there a way to go about writing database connection password in non-plain text in the connection strings?

I plan to connect directly to a remote database from my program using a connection string. Is it not wiser that I do a socket connection to a server-side script like php and let the server-side script do the database querying and accessing and return the result to my app?

Which is better using certificates, using ssl or using public/private key pair to secure data sent from client to server?

The truth is that I don't know about hacking and I must assure users that their data is safe.

推荐答案

从技术上讲，没有设备应该直接与数据库通信。



大多数情况下，设备会与Web服务进行通信，Web服务会在内部将查询路由到数据库（直接或通过其他一些层）。

当然，设备和Web服务之间的通信必须加密。 https协议就是为了这个目的。



这些领域，体系结构，安全性，平台之间的兼容性都是一个问题本身。在快速解答帖子中处理所有这些都非常雄心勃勃。



我的感觉是（没有双关语意，这是为了你自己的利益）你不应该签订任何安全合同在研究了这个主题并进行了一次体面的，经过良好单元测试的实施之前。混合我的比喻，就像我的祖母开始编织安全气囊;可爱但很无用，如果没有危险的话。



亲切。

Technically, no device should communicate directly with the database.

Most often, devices talk to a web service, which will internally route the query to the database (directly or through some other layer(s)).
Of course, communications between devices and web service have to be encrypted. https protocol is meant for that.

Each of these fields, architecture, security, compatibility between platforms, is a hell of a question by itself. Treating all of them in a Quick Answer post is quite ambitious.

My feeling is (no pun intended, that's for your own good) you should not contract on anything security related before having studied toroughhly the subject and come to a decent, well unit-tested implementation. To mix my metaphors, that would be like my grandmother starting to knit airbags; cute, but quite useless, if not dangerous.

Kindly.

这篇关于什么编程实践可以帮助减少入侵我的应用程序或数据库的可能性？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！