我*必须*将第三方凭据存储在我的数据库中.最好的办法?
问题描述
我的应用必须从第三方读取 SSL url.如何最好地将第三方凭据存储在我自己的数据库中,从而保护第三方凭据不被泄露?考虑绝对安全性和实用性.单向散列凭据没有用,因为我必须将凭据还原为 SSL 调用的纯文本.我在谷歌应用引擎上使用 python,我的应用使用谷歌凭据进行身份验证.
My app must read an SSL url from a third party. How do I best store the third party credentials in my own database, which protects the third party credentials from being compromised? Consider both absolute security and practicality. One-way hashing the credentials is not useful as I must restore credentials to plaintext for the SSL call. I'm using python on google app engine, and my app authenticates with google credentials.
- 使用例如加密凭据AES 并将加密密钥保存在其他地方(只是移动问题),或 从凭据并保密算法(只是解决问题)
- 使用同步流密码加密凭证,从凭据和对算法保密(只是解决问题)
- 在专门用于存储第三方凭据的单独 Web 应用程序上,提供 SSL url 以接收第三方凭据,此 url 使用 google 凭据(与我的应用程序相同)访问,并且可以使用 authsub 或其他东西将授权转移到其他网络应用程序.这听起来更安全,因为破解一个非常简单的 web 应用程序更难,而且如果我的复杂主应用程序被泄露,第三方凭据也不会暴露.
- encrypt credentials using e.g. AES and save the encryption key somewhere else (just moves the problem), or derive it from the credentials and keep the algorithm secret (just moves the problem)
- encrypt credentials using a synchronous stream cipher, derive the (not)entropy from the credentials and keep the algorithm secret (just moves the problem)
- on a separate web app dedicated to storing third party credentials, provide a SSL url to receive the third party credentials, this url is accessed with google credentials (same as my app) and can use authsub or something to transfer authorization to the other web app. this sounds more secure because its harder to hack a trivially simple webapp, and if my complex main app gets compromised the third party credentials aren't exposed.
您如何看待所有方法?
解决方案
这是一项艰巨的任务,没有任何方法可以为您省去确保没有薄弱环节的麻烦.对于初学者,我不知道在 Google 上托管是否是最好的选择,因为您将失去控制权(我真的不知道 App Engine 的设计是否考虑到了所需的安全级别,您应该会发现out)并且可能无法进行渗透测试(您应该这样做.)
It's a difficult task, and no approach will save you the trouble to make sure that there is no weak link. For starters, I wouldn't know if hosting on Google is the best way to go, because you will be forfeiting control (I really don't know if App Engine is designed with the required level of security in mind, you should find that out) and probably cannot do penetration testing (which you should.)
拥有一个单独的小型应用程序可能是个好主意,但这并不能让您不必在这个较小的应用程序中以一种或另一种方式加密凭据本身.它只是为您带来了简单性,从而使事情更易于分析.
Having a separate small application is probably a good idea, but that doesn't save you from having to encrypt one way or the other the credentials themselves in this smaller app. It just buys you simplicity, which in turn makes things easier to analyze.
我个人会尝试设计应用程序,以便在每次使用后随机更改密钥,具有一种 一次性垫方法.您没有足够详细地指定应用程序以查看这是否可行.
I personally would try to design the app so the key changes randomly after each use, having a kind of one time pad approach. You don't specify the app in enough detail to see if this is feasible.
相关文章