Could you share experience or ideas on security hardening for Apollo? #635

Closed
tuxknight opened this issue Jun 9, 2017 · 6 comments

Comments

@tuxknight

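Our applications have a lot of sensitive configuration information. To prevent data leaks, what security hardening should be applied to Apollo?
For example:
config service port access policy
admin service port access policy
and so on.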

@nobodyiam
Member

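The admin service only serves the portal, so in theory it only needs to be reachable by the portal.

The config service needs to serve clients, the admin service and the portal, so its access scope can be widened appropriately; for example, the production config service only needs to allow access from production machines.

Also, Apollo itself currently does not encrypt the data it stores in any way, so if you have sensitive information, it is recommended that what you store in Apollo is the already-encrypted data, which is then decrypted on the client.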

@nobodyiam
Member

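Also, for this kind of sensitive configuration that needs to be encrypted, you can manage it through the open API, which avoids manual mistakes.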

@ayanjoyful

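Right now, accessing the portal service goes straight to the configuration page. Do we have a feature for permission/login control over entering the configuration page?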

@nobodyiam
Member

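Currently there is no permission control on viewing configurations, but other companies have customized Apollo to add this view permission control.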

@nobodyiam
Member

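Closing this issue for now. We have noted down controlling view permissions in the Portal and will do it later.

If you have better suggestions, you can file a Feature Request.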

@nobodyiam
Member

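#1531 supports setting an environment's configuration so that it can only be seen by project members, and non-project members cannot view it. Take a look.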
