Secure API communication between two backend servers

Problem description

I need to secure the communication between two backend servers. A simple API key was rejected by our security policy since attackers would be able to intercept it. IP restriction also, because it could be spoofed.

It was suggested that I use a nonce, but wouldn't this mean that a request requires two round trips? I don't really like the idea of having twice the latency.

Recommended answer

Without your description, it's hard to suggest the best way to do it.

If both servers are inside the same datacenter, you can have some solution to have a private network.

If that's not the case, you can have an authentication system (OAuth?) with a token which will be created and validated. You can use some other technology to sign your data with private and public keys. The nonce could be good too.

But if your servers are in a DC, they should have the same IP and not move. So why not have a whitelist (IP-based) and something else like a nonce or a token?
