使用 Web 服务公开 .NET DAL 是否会增加安全性? [英] Does using web services to expose a .NET DAL add security?
问题描述
目前我的雇主在 3 个服务器上部署了一个 Web 应用程序.
Currently my employer deploys a web application over 3 servers.
- DB - 没有公共路线
- Web 服务 DAL - 无公共路由
- Web 服务器 - 公共路由
这样做的原因是,如果 Web 服务器受到威胁,它们不会直接到达 DB,而是到达 DAL 框.
The reason for this is the theory that if the web server is compromised, they don't arrive at the DB directly, but instead arrive at the DAL box.
在我看来,由于 DAL 框和 Web 服务器框 - 都运行 Windows/IIS - 如果公共框已被攻破,同样的漏洞可能会在 DAL 框上起作用 - 因此我不认为这是真实的安全福利.
To my mind, as the DAL box and Web Sever box - both run windows/IIS - if the public box has been compromised, the same exploit would likely work on the DAL box - therefore I do not see this as a real security benefit.
我想建议我们去掉中间机器,让网络服务器直接连接到数据库.
I would like to propose we remove the middle machine and allow the web server to connect directly to the database.
这个中间的盒子真的有好处吗?
Is this middle box really a benefit?
推荐答案
Web UI 和数据库之间的 Web 服务层的安全优势至多是微乎其微的.即使使用 slugster 建议的网络基础设施,您的攻击者也只能从他/她的机器访问 Web 服务.考虑到这种妥协很可能还会让攻击者以某种形式远程访问 Web 服务器本身,您的网络级别访问限制完全没有用.您可能设法阻止某些形式的附加,但如果有人有兴趣访问该框,一旦他们获得它,您的网络上将无法区分攻击者和合法用户.
The security benefits of a web service layer between you web UI and database are, at best, minimal. Even with the network infrastructure suggested by slugster, your attacker is only unable to access the web services from his/her machine. Considering such a compromise would most likely also give the attacker some form of remote access to the web server itself, your network level access restrictions are totally useless. You might manage to prevent some forms of attach, but if someone is interested in getting access to the box, once they get it there is nothing on your network that will be able to distinguish an attacker from a legitimate user.
更糟糕的是,您必须维护额外的代码层才能支持这个额外的层,这意味着您将有更多的错误,并且需要更长的时间来创建新功能.
What makes it worse is that you are stuck with an extra layer of code that you have to maintain to support this extra layer, which means you are going to have more bugs, and it is going to take longer to create new features.
对此的一种方法是利用在架构上下文中谈论 CQRS 的人们所描述的一些技术.特别是在 本演示文稿中作者 Udi Dahan 他直言不讳地建议将您的数据库放在网络服务器上,并且只将数据存储在其中以支持网站.其他数据,即业务数据,存储在其他地方的单独数据库中.您还可以使用 NoSQL 数据库(如 MongoDB 或 RavenDB)来表示数据,而完全放弃关系数据库.
One approach to this would be to utilize some of the techniques described by the folks talking about CQRS in an architectural context. Specifically in this presentation by Udi Dahan he flat out suggests putting your database on the web server, and only storing the data in it you need to support the web site. The other data, the business data, is stored elsewhere, in a separate database. You could also use NoSQL databases, like MongoDB or RavenDB for the presentation data and forgo the relational database altogether.
有很多选择,其中一些甚至可以为您提供认为当前架构的安全级别.为这些类型的决定提供一些批判性思维总是一个好主意,我发现你提出这些类型的问题令人鼓舞.
There are a lot of options out there, and some of them will even give you the level of security you think your getting with your current architecture. It is always a good idea to provide some critical thinking to these sorts of decisions, and I find it encouraging that your asking these sorts of questions.
祝你好运.
这篇关于使用 Web 服务公开 .NET DAL 是否会增加安全性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
