I'm planning a large PHP project for a commercial website dealing with Bitcoin-related services. This will be an attractive target for hackers.
Besides making the site itself as secure as possible, I'm also wrapping my head around things like: database logins and passwords, public + private keys, secret authentication keys for remote APIs or external services, SSH keys, Bitcoin wallets, etc.
Obviously I need them somewhere within my PHP sources. I usually put all secret or sensitive details in a separate include file (e.g. 'passwords.php'), which I place outside of the HTTP document root. So visitors can never directly access the file itself.
But there's more:
What about the hosting provider? Of course I have to trust them if I'm hosting my server with them in the first place, but is there anything I can do to lower the risk of some employee abusing risky stuff such as Bitcoin exchange API keys?
Git repositories: especially if we are to host git reposities remotely, should I keep the passwords.php file completely out of the git repository, to make sure the data doesn't leak anywhere? (but then how do I go about version control or distribute it to team members?)
Strict communication policies: I will be working with multiple people, and I want to avoid anyone ever emailing or plain-FTP'ing these sensitive details. Some people will only need access to a testing environment, not the actual production server. How do I restrict access to passwords.php (containing actual server logins etc) only to those who really need it?
I have no clear idea yet exactly how to tackle these issues. Would anyone have some suggestions, or an indication how to set this up correctly?
答案 0 :(得分:1)
这听起来像是一项艰巨的任务。涉及很多风险。但是追求目标的道具。
至于安全性,我不是专家,但你最好的可能是重加密。除此之外,我认为在处理ISP和托管服务提供商等外部资源时,总会遇到漏洞。你不能这么想,如果你无法帮助它,你需要找一个新的主机。
我建议使用Amazon Web Services托管您的应用程序。它们提供易于管理,安全,可靠的Web服务。一旦你开始分割你的应用程序(数据库服务器,缓存集群,媒体服务器等),它将变得更少“我希望我不被黑客攻击”更多的“我希望我能自己管理所有这些废话!”
我建议您寻找一位经验丰富的全栈开发人员,甚至是一个小团队,重点关注安全性和加密。随着所有MtGox的东西下降,你正在走一条非常严肃的道路,所以要非常谨慎和勤奋。祝你好运。