如何在PHP中构建安全和RESTful服务? [英] How to build a secure and RESTful service in PHP?
问题描述
我正在构建一个应用程序系统,该系统由在云中"的服务器部分和例如iPhone或Android应用或网络浏览器.
I'm building an application system which consists of a server part "in the cloud" and a client part, e.g. an iPhone or Android app or a web browser.
服务器端是用PHP(LAMP)实现的,今天它是一个非常简单的服务器,具有许多php文件,可服务于每种类型的方法请求,例如:getCustomers.php,addNewCustomer.php等.另外,到目前为止,尚未使用任何安全性机制,并且托管服务器的ISP不提供SSL.是的,SSL不是安全性的选择.
Server side is implemented in PHP (LAMP) and is today a very simple server with a number of php-files serving each type of method request like: getCustomers.php, addNewCustomer.php and so on. Also, up until now, no security mechanism has been used whatsoever and the ISP hosting the server do not provide SSL. That's right, SSL is not an option for security.
现在,我想调整旧系统并使其:
1)真正的RESTful服务,并且
2)增加安全性,必须对用户进行身份验证和授权,但是纯文本密码当然是不可接受的.
Now, I want to gear up my old system and make it:
1) True RESTful service, and
2) Add security, users must be authenticated and authorized, but passwords in plain text is of course not acceptable.
我的问题很简单,我如何实现并实现上面的1)和2)点?是否有任何教程,书籍章节或博客文章将其描述成一个整体?还是我需要收集散布在整个网络上的信息,然后尽我所能将它们组合起来?
My question simply is, how do I achieve and realize point 1) and 2) above? Is there any tutorial, book chapter or blog article that describes this combined in a single piece? Or do I need to collect information sprinkled all over the web and then try to combine them the best I can?
然后,如果您知道答案,现在我希望我不太粗鲁,不要只说oAuth this或openID that,相反,我希望对方法或指针的清楚说明.博客文章对此进行了解释.不用说,我像疯子一样在网上搜索,但令我大吃一惊的是,找不到合适的答案!?
And please, if you know the answer, and now I hope I'm not too rude, do not just say oAuth this or openID that, instead I would appreciate a lucid explanation of the how or pointers to e.g. blog articles explaining this. Needless to say I have searched the web like a maniac but have, to my big surprise, not been able to find a good answer!?
关于,
史蒂夫
Regards,
Steve
推荐答案
是否有教程,书籍章节或博客文章描述了这些内容?
Is there a tutorial, book chapter or blog article that describes this comined in a singe piece?
我可以推荐 REST在实践中-超媒体系统体系结构作为构建 HATEOAS 系统的指南.它没有PHP示例,但包括一整章有关Web安全问题的内容,涵盖HTTP基本和摘要身份验证,OpenID和OAuth以及要注意的攻击媒介.
I can recommend REST in Practice - Hypermedia System Architecture as a guide to building HATEOAS systems. It has no PHP samples, but it includes a full chapter on Web Security Issues, covering HTTP Basic and Digest Auth, OpenID and OAuth and attack vectors to be aware of.
这篇关于如何在PHP中构建安全和RESTful服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
