我的应用程序源代码在heroku上的安全性如何? [英] How secure is my application source code on heroku?
问题描述
我想将我的Web应用程序从cloudfoundry迁移到heroku.但是,我仍然感到困惑.
I want to migrate my webapp from cloudfoundry to heroku. But there is still one thing i'm confused about.
每次要将应用程序部署到heroku时,都必须将源代码推送到其git存储库中.该存储库的安全性如何?如果我不想将我的源代码提供给其他人该怎么办?
Everytime you want to deploy your application to heroku, you've to push your source code to their git repository. How secure is this repository? What if i don't want to give my source code into someone others hands?
您对此有何看法?
推荐答案
问题
您不了解解释语言或托管服务提供商的工作方式.如果您使用的是Ruby之类的解释型语言,则需要在服务平台上提供源代码.即使您的代码经过压缩,混淆或字节编译,也必须在服务平台上进行提供,所以使用任何语言或托管服务提供商对您来说都是一个问题
The Problem
You aren't understanding how interpreted languages or hosting providers work. If you're using an interpreted language like Ruby, you need to have your source on the service platform. Even if your code is compressed, obfuscated, or byte-compiled, it has to be on the service platform to be served up, so this is going to be a problem for you with any language or hosting provider.
您还不了解字节码的性质.字节码解释器可以读取您的文件.此外,那里还有Java反编译器,可将字节码转换回源代码.搜索堆栈溢出将显示讨论Java反编译器的帖子.除非您认为通过隐秘的安全性"很有用,否则您可能应该停止以任何有意义的方式将字节代码视为安全的.
You're also not understanding the nature of byte code. A byte code interpreter can read your files. In addition, there are Java decompilers out there to turn byte code back into source code. A search Stack Overflow will show you posts discussing Java decompilers. Unless you think "security through obscurity" is useful, you should probably stop thinking of your byte code as secure in any meaningful way.
- 构建出色的软件,开展良好的业务,并且不要因为担心有人抄袭您的for循环而睡不着觉.这可能是您最简单的解决方案.
- 如果您不信任托管服务提供商或托管设施,则必须在内部托管您自己的文件.即使那样,除非您计划自己完成所有工作,否则您仍然必须信任某人来维护系统.
- 考虑一些锡箔小百货.
Herku上的Git存储库不是公共存储库,就像您在GitHub上找到的那样.这不比通过任何其他方式传输文件安全",而且肯定比许多服务平台上的常规FTP上传更安全.
Git repositories on Herku are not public repositories like you'd find on GitHub. It's no less "safe" than transferring your files around by any other means, and certainly more secure than the usual FTP uploads on many service platforms.
安全始终是一个权衡.这绝对重要,但是除非您定义了比一般不信任更好的威胁模型,否则您将无法开发适当的控制措施.
Security is always a trade-off. It's definitely important, but unless you've defined a better threat model than general distrust, you won't be able develop adequate controls.
这篇关于我的应用程序源代码在heroku上的安全性如何?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
