
How to protect a web interface against session hijacking on a Linux server


Introduction:

With the rapid growth of the Internet, web applications have become an indispensable part of daily life, and they face many security threats. One of them is session hijacking: an attacker obtains a legitimate user's session identifier (by sniffing unencrypted traffic, reading the cookie with injected script, or planting an ID before the user logs in) and then presents it to the application to impersonate that user. A Linux server offers several features and techniques for hardening a web interface against this. This article introduces the common ones.

Configure SSL/TLS properly

To protect the web interface from man-in-the-middle attacks and data theft (a session cookie sent over plain HTTP can be read by anyone on the network path), encrypt the transport with SSL/TLS. On a Linux server, Nginx can act as the reverse proxy in front of the application, configured with a valid certificate and a restricted set of protocol versions and cipher suites. An example configuration:

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    # Only modern protocol versions; SSLv3, TLS 1.0 and TLS 1.1 are disabled by omission
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 suites with forward secrecy (ECDHE) and AEAD (GCM); TLS 1.3 suites are chosen separately
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    # HSTS: once seen, browsers refuse plain HTTP for this host, so the session cookie never travels in clear
    add_header Strict-Transport-Security "max-age=31536000" always;

    # other settings...
}
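To check a configuration like the one above before it goes live, the following shell script (an added example, not code from the original article) audits an nginx server block for the TLS settings that matter for session cookies: protocol versions below TLS 1.2, cipher suites without forward secrecy, and a missing Strict-Transport-Security header. The two configuration files it writes to a temporary directory are constructed for the demonstration, and the cipher check is a heuristic on OpenSSL suite names; it does not replace a scan of the live endpoint.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): audit an nginx server block for
# TLS settings that leave a session cookie exposed. Needs only sed, grep and awk.

# Print one finding per line for the nginx config file $1.
# Returns the number of findings (0 = nothing to report).
audit_tls_config() {
    local cfg="$1" active protos ciphers p c findings=0
    # Drop comments first so a commented-out directive is not mistaken for an active one
    active=$(sed 's/#.*$//' "$cfg")

    # 1. Protocol versions: anything below TLS 1.2 is a finding. A missing directive falls
    #    back to the build default, which in older nginx releases still includes TLS 1.0/1.1.
    protos=$(printf '%s\n' "$active" | sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\(.*\);.*/\1/p')
    if [ -z "$protos" ]; then
        echo "ssl_protocols not set (default depends on the nginx version and may include TLS 1.0/1.1)"
        findings=$((findings + 1))
    fi
    for p in $protos; do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "legacy protocol enabled: $p"
                findings=$((findings + 1)) ;;
        esac
    done

    # 2. Cipher suites: OpenSSL names without an ECDHE-/DHE- prefix use static RSA key
    #    exchange (no forward secrecy: a later key compromise decrypts recorded sessions);
    #    RC4/DES/MD5 suites are broken outright. Exclusions (!...) and group keywords are skipped.
    ciphers=$(printf '%s\n' "$active" | sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]*\(.*\);.*/\1/p' | tr -d "\"'")
    for c in $(printf '%s\n' "$ciphers" | tr ':' ' '); do
        case "$c" in
            "!"*|"@"*|HIGH|MEDIUM|LOW|ALL|DEFAULT) ;;
            ECDHE-*|DHE-*|TLS_*) ;;
            *)
                echo "cipher suite without forward secrecy or with a legacy primitive: $c"
                findings=$((findings + 1)) ;;
        esac
    done

    # 3. HSTS: without it a first visit or a typed http:// URL goes out in the clear and
    #    can be intercepted before the redirect to HTTPS ever happens.
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*add_header[[:space:]]+Strict-Transport-Security'; then
        echo "no Strict-Transport-Security header"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Number of findings as a plain integer, convenient for scripting
tls_finding_count() { audit_tls_config "$1" | awk 'END { print NR }'; }

# Constructed sample configs (not real servers): one legacy, one hardened
TLS_AUDIT_DIR=$(mktemp -d)
WEAK_CFG="$TLS_AUDIT_DIR/legacy.conf"
HARD_CFG="$TLS_AUDIT_DIR/hardened.conf"
cat > "$WEAK_CFG" <<'EOF'
server {
    listen 443 ssl;
    server_name legacy.example.com;
    ssl_certificate /etc/nginx/ssl/legacy.crt;
    ssl_certificate_key /etc/nginx/ssl/legacy.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA;
    # HSTS was never enabled:
    # add_header Strict-Transport-Security "max-age=31536000" always;
}
EOF
cat > "$HARD_CFG" <<'EOF'
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
    add_header Strict-Transport-Security "max-age=31536000" always;
}
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== $f"
    if audit_tls_config "$f"; then echo "clean"; fi
done
```

Run it against the files in /etc/nginx/sites-enabled/ after `nginx -t` passes. The legacy sample produces five findings (two protocol versions, two cipher suites, no HSTS); the hardened sample, which matches the configuration shown above, produces none.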


Harden session authentication

Attackers usually carry out session hijacking by stealing the session ID. To make sessions harder to steal or reuse, take the following measures:

Generate cryptographically strong session IDs: use a sufficiently long random string from a cryptographically secure generator (at least 128 bits of entropy) as the session ID, and renew the ID at every privilege change, in particular right after login, so that an ID the attacker captured or planted before authentication (session fixation) becomes worthless.

Set the Secure flag on the cookie: when writing the session ID into a cookie, set the Secure flag so that the browser sends the cookie only over HTTPS.

Set the HttpOnly flag: when writing the session ID into a cookie, set the HttpOnly flag so that scripting languages (such as JavaScript) cannot read the cookie through document.cookie; a cross-site scripting bug then cannot leak the session ID. Set SameSite (Lax or Strict) as well, so that the browser does not attach the cookie to cross-site requests.

The following example, in plain PHP, generates a strong session ID and renews it after login (Laravel manages sessions itself; there, call $request->session()->regenerate() after authenticating instead):

// PHP 7.1+ already derives session IDs from a CSPRNG; an explicit 256-bit ID is shown for illustration
$sessionId = bin2hex(random_bytes(32));
session_id($sessionId);
session_start();
// After a successful login, issue a fresh ID and discard the old one so a captured or fixated ID is useless
session_regenerate_id(true);
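One way to verify the cookie attributes without reading application code is to look at the Set-Cookie header the server actually sends. The following shell function (an added example, not code from the original article) parses a Set-Cookie header and reports which of Secure, HttpOnly and SameSite are missing or weak. The three headers it is run against are constructed samples with a made-up PHPSESSID value, not captured from a real site; on a real host, feed it the output of `curl -sI https://example.com/login | grep -i '^set-cookie:'`.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): report which hardening attributes are
# missing from a Set-Cookie header. The sample headers below are constructed; the
# PHPSESSID values are made up.

# Print one line per problem found in the Set-Cookie header $1 (with or without the
# "Set-Cookie:" prefix). Returns the number of problems; 0 means the cookie is hardened.
check_session_cookie() {
    local header="$1" attrs attr samesite="" has_secure=0 has_httponly=0 problems=0
    local oldifs="$IFS"
    # Attribute names and SameSite values are case-insensitive (RFC 6265), so compare in lower case
    attrs=$(printf '%s' "$header" | tr '[:upper:]' '[:lower:]' | sed 's/^set-cookie:[[:space:]]*//')
    IFS=';'
    for attr in $attrs; do
        attr=$(printf '%s' "$attr" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$attr" in
            secure)     has_secure=1 ;;
            httponly)   has_httponly=1 ;;
            samesite=*) samesite="${attr#samesite=}" ;;
        esac
    done
    IFS="$oldifs"

    if [ "$has_secure" -ne 1 ]; then
        echo "missing Secure: the browser will also send this cookie over plain HTTP"
        problems=$((problems + 1))
    fi
    if [ "$has_httponly" -ne 1 ]; then
        echo "missing HttpOnly: injected JavaScript can read it via document.cookie"
        problems=$((problems + 1))
    fi
    case "$samesite" in
        strict|lax) ;;
        none) echo "SameSite=None: attached to cross-site requests, so CSRF defence rests entirely on tokens"
              problems=$((problems + 1)) ;;
        "")   echo "missing SameSite: the default differs between browsers, set it explicitly"
              problems=$((problems + 1)) ;;
        *)    echo "unrecognised SameSite value: $samesite"
              problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# Number of problems as a plain integer, convenient for scripting
cookie_problem_count() { check_session_cookie "$1" | awk 'END { print NR }'; }

# Constructed samples: what PHP sends with default php.ini settings, a hardened cookie,
# and a cookie that is hardened except for an explicit SameSite=None
WEAK_COOKIE='Set-Cookie: PHPSESSID=9f3c2a1e7b4d5c6a; path=/'
HARD_COOKIE='Set-Cookie: PHPSESSID=9f3c2a1e7b4d5c6a; path=/; Secure; HttpOnly; SameSite=Strict'
CROSS_SITE_COOKIE='Set-Cookie: PHPSESSID=9f3c2a1e7b4d5c6a; path=/; Secure; HttpOnly; SameSite=None'

for c in "$WEAK_COOKIE" "$HARD_COOKIE" "$CROSS_SITE_COOKIE"; do
    echo "== $c"
    if check_session_cookie "$c"; then echo "ok: Secure, HttpOnly and SameSite are all set"; fi
done
```

The first sample reports three problems, the second none, the third one. Checking the header rather than the code catches the common case where the flags are set in the framework but a reverse proxy, a load balancer or a second cookie-issuing component drops or overrides them.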


Set an appropriate session expiry time

A reasonable session lifetime limits how long a stolen session ID remains usable. For PHP's native sessions this is configured in php.ini; the example below makes session data eligible for garbage collection 30 minutes after it was last used. Note that session.gc_maxlifetime is a threshold for the garbage collector, not a hard expiry: a session file is only removed when GC actually runs (governed by session.gc_probability and session.gc_divisor; Debian and Ubuntu set the probability to 0 and run a periodic cron job instead). For a strict timeout, additionally record the last-activity time in the session and reject requests that exceed the limit in application code.

# Edit session.gc_maxlifetime (this path is used on RHEL/Fedora; Debian/Ubuntu keep it at /etc/php/<version>/fpm/php.ini)
sudo nano /etc/php.ini

# 30 minutes; the change takes effect once php-fpm has been restarted
session.gc_maxlifetime = 1800

# Save and exit, then restart php-fpm (the unit is called php<version>-fpm on Debian/Ubuntu)
sudo systemctl restart php-fpm.service
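Editing php.ini by hand does not scale and is easy to get wrong, because the directive is often present but commented out with ';'. The following shell functions (an added example, not code from the original article) set a php.ini directive idempotently, whether it is active, commented out or absent, and read the effective value back. They are run against a constructed php.ini fragment in a temporary directory; the file location and the PHP version in the paths are assumptions. Beyond session.gc_maxlifetime the example also sets the cookie flags from the previous section (session.cookie_secure, session.cookie_httponly, session.cookie_samesite), which is where PHP's native session handler reads them from.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): idempotent php.ini edits for the
# session hardening directives. The php.ini content below is a constructed fragment.

# Escape the dots in an ini key so it can be used inside an extended regex
ini_key_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Set "key = value" in file $1. An existing line for the key, active or commented out
# with ';', is rewritten in place; otherwise the directive is appended. Running it twice
# with the same value leaves the file unchanged (apart from the .bak copy sed keeps).
set_ini_value() {
    local file="$1" key="$2" value="$3" key_re
    key_re=$(ini_key_regex "$key")
    if grep -Eq "^[[:space:]]*;?[[:space:]]*${key_re}[[:space:]]*=" "$file"; then
        # The value must not contain '|' or '&' (sed delimiter and back-reference)
        sed -i.bak -E "s|^[[:space:]]*;?[[:space:]]*${key_re}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the value of key $2 from file $1, ignoring commented-out lines. If the key
# appears more than once, the last active line wins, which is how PHP reads php.ini.
get_ini_value() {
    local key_re
    key_re=$(ini_key_regex "$2")
    sed -n -E "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# Constructed php.ini fragment: gc_maxlifetime at the PHP default, cookie_secure
# commented out, cookie_httponly present but empty, cookie_samesite absent
PHP_INI_DIR=$(mktemp -d)
PHP_INI="$PHP_INI_DIR/php.ini"
cat > "$PHP_INI" <<'EOF'
[Session]
; Seconds after which session data may be garbage-collected
session.gc_maxlifetime = 1440
;session.cookie_secure =
session.cookie_httponly =
EOF

set_ini_value "$PHP_INI" session.gc_maxlifetime 1800      # 30 minutes
set_ini_value "$PHP_INI" session.cookie_secure 1          # cookie only over HTTPS
set_ini_value "$PHP_INI" session.cookie_httponly 1        # not readable from JavaScript
set_ini_value "$PHP_INI" session.cookie_samesite Strict   # not sent on cross-site requests

for k in session.gc_maxlifetime session.cookie_secure session.cookie_httponly session.cookie_samesite; do
    printf '%-26s = %s\n' "$k" "$(get_ini_value "$PHP_INI" "$k")"
done
# On a real host, point PHP_INI at the php-fpm php.ini (assumed path: /etc/php/<version>/fpm/php.ini
# on Debian/Ubuntu, /etc/php.ini on RHEL/Fedora) and restart the service afterwards:
#   sudo systemctl restart php-fpm      (php<version>-fpm on Debian/Ubuntu)
```

After the run, all four directives are active with the new values and the previously commented-out cookie_secure line has become a live one; running the same calls again changes nothing, which makes the functions safe to use from a configuration-management script.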


Use CSRF protection

In a CSRF (cross-site request forgery) attack, the attacker makes a logged-in user's browser send a request the user never intended, such as a password change, riding on the session cookie the browser attaches automatically; the attacker never learns the session ID, but abuses the live session all the same. To prevent this, add a hidden token to every form that performs a protected action and verify it on the server. In Laravel the @csrf Blade directive renders a hidden _token input, and the VerifyCsrfToken middleware rejects state-changing requests whose token does not match the one stored in the session:

<form action="/change_password" method="POST">
    @csrf
    <!-- other form fields... -->
    <button type="submit">Submit</button>
</form>


Update the system and software regularly

Keeping the server's operating system and software up to date is a primary security measure: updates fix known vulnerabilities, including those in nginx, PHP and OpenSSL, the components that handle the session and its transport, and strengthen the system's defences. On Debian/Ubuntu, update the package index and install the available upgrades with:

sudo apt update
sudo apt upgrade


Summary:

To protect a web interface against session hijacking, we can harden the system by configuring SSL/TLS properly, hardening session authentication, setting an appropriate session expiry time, using CSRF protection, and updating the system and software regularly. These measures raise the security of the system and lower the risk of a successful intrusion. Keeping a system secure is not a one-time task, however: we need to keep learning about and watching for new threats, and adjust our security measures accordingly.
