保护FTP凭据的最佳做法 [英] Best Practices for securing FTP credentials

问题描述

关于安全性Azure App Service FTP凭据的最佳(或最佳做法)是什么?

What are best (or good) practice for security Azure App Service FTP credentials?

我可以看到并了解发布设置"功能和重置发布设置"，

I can see and understand the "Publish Settings" feature and "Reset Publish Settings", 

但是，似乎部署人员需要在本地计算机上拥有这些凭据，所以最好的办法是确保将其保存在某种本地文件库中.

However, it seems that the person doing deployment needs to have those credentials on their local machine, so the best would be to ensure that they keep them in some kind of local vault.

或者有没有一种方法可以完全或部分地自动完成对ASP.NET站点的部署，从而有效地隐藏FTP凭据.

Or is there a way to fully or partially automate the deployment to an ASP.NET site that effectively hides the FTP credentials.

任何对此的指导将不胜感激.

Any guidance on this would be appreciated.

谢谢！

推荐答案

这不是特定于Azure App Service的问题，而是更常见的问题.在有多个用户使用多台计算机与一个FTP服务进行通信的情况下，如何避免跨用户/计算机共享/保留秘密(FTP U/P)?

This is not Azure App Service specific but more general question.  In the scenario where there are multiple users using multiple computers communicating with a single FTP service, how does one avoid sharing/persisting secret (FTP U/P) across users/machines?

对于Azure App Service，一个想法是您可以编写工具(或脚本).首先执行Azure CLI供用户登录，然后检索发布凭据并使用它执行FTP.  既不安全地存储也不保留任何信息.  这 将项目部署到Azure App Service时，Visual Studio就是这样做的.

For Azure App Service, one idea is you might write a tool (or a script).  First execute Azure CLI for user to logon, then retrieve the publishing cred and use it to do FTP.   Neither insecurely store nor persist any information.   This is what visual studio does when deploying project to Azure App Service.

好处是每个用户都需要经过身份验证和授权(审核).当然，如果用户了解该工具具有适当的权限，则可以保存其信誉以备将来使用.缓解措施是每天重置信用额度，或每个月重置更多/更少频率的信用额度 您的要求.

Benefit is each user needs to be authenticated and authorized (audit).   Of course, if user understand the tool have proper permission, they can save the cred for future.  The mitigation is to reset the cred daily or more/less frequent per your requirement.

希望这会有所帮助，

这篇关于保护FTP凭据的最佳做法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！