Two meanings of data security:
1. The security of the data itself.
Mainly refers to using modern cryptographic algorithms to actively protect data, for example data confidentiality, data integrity, and two-way strong identity authentication.
2. The security of data protection.
Mainly refers to using modern information storage methods to actively protect data, such as disk arrays, data backup, and off-site disaster recovery. Data security is an active containment measure. The security of the data itself must be based on reliable encryption algorithms and security systems, mainly symmetric algorithms and public key cryptography systems.
2. How to ensure data security?
You can start from three levels: the operating system, the application system, and the database. The most commonly used are security measures at the application system and database levels.
1. Operating system level:
Firewall settings. For example: set port 8080 so that only your own computer can access it.
2. Application system level:
For example: login interception and interception of access requests.
Login interception{
Use filters to filter all requests [form requests and ajax requests].
If the user is not logged in, any access path that is requested jumps to the login page.
}
Login authority allocation {
Ordinary user: after logging in, cannot enter administrator-only pages by typing their access path.
Administrator:
VIP user: functions are controlled down to the button level. Some functions are available to ordinary users but cannot be used.
}
The password cannot be kept as [clear text] and must be encrypted; the encryption algorithm must be irreversible, and there is no need to know the customer's password.
Password encryption algorithm{
1> MD5: not safe and can be cracked.
The 32-character MD5 string needs to be encrypted again several times (only you know the number of times), which makes it not easy to crack;
2> After encrypting many times, if the password is forgotten at login, it can only be reset. I won't tell you the original password because the administrator doesn't know it either.
}
Financial projects generally encrypt sensitive data (such as ID numbers and photos).
3. Database level:
Oracle database {
The data on the local hard disk itself is encrypted.
[JNDI] Encryption algorithm, an encryption for database connection pools.
}