Question
I need to secure the communication between two backend servers. A simple API key was rejected by our security policy, since attackers would be able to intercept it. IP restriction also, because it could be spoofed.
It was suggested that I use a nonce, but wouldn't this mean that a request requires two round trips? I don't really like the idea of having twice the latency.
Answer 1:
Without your description it's hard to be able to suggest the best way to do it.
If both servers are inside the same datacenter, you can have some solution to have a private network.
If that's not the case, you can have an authentication system (OAuth?) with a token which will be created and validated. You can use some other technology to sign your data with private and public keys. The nonce could be good too.
But if your servers are in a DC, they should have the same IP and not move. So why not have a whitelist (IP based) and something else like a nonce or a token?
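The signed-request approach the answer mentions can be done without a second round trip: the caller mints its own nonce and timestamp and signs them together with the request, and the receiver rejects stale timestamps and repeated nonces. The following is an added illustration, not code from the question, the answer or any project; it assumes a shared secret provisioned out of band to both servers (an HMAC never transmits that secret, so intercepting a request does not expose it), a hypothetical key id `billing-svc`, header names chosen here for the example, and a constructed demo secret. The replay cache is an in-memory dict; a cluster would keep it in a shared store.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example: shared secret provisioned out of band to both servers.
# In a real deployment this comes from a secrets manager, never from source code.
SHARED_SECRETS = {"billing-svc": b"constructed-demo-secret-do-not-use"}

MAX_SKEW_SECONDS = 300  # requests older or newer than this are rejected outright


def canonical_string(method, path, body, timestamp, nonce):
    """Build the exact bytes both sides sign. Hashing the body into the string
    binds the signature to the payload, so a tampered body fails verification."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()


def sign_request(key_id, method, path, body, now=None):
    """Caller side: produce auth headers for one request in a single round trip.
    The caller generates the nonce itself instead of asking the server for one."""
    timestamp = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    mac = hmac.new(
        SHARED_SECRETS[key_id],
        canonical_string(method, path, body, timestamp, nonce),
        hashlib.sha256,
    ).hexdigest()
    return {
        "X-Key-Id": key_id,  # header names are an assumption of this example
        "X-Timestamp": str(timestamp),
        "X-Nonce": nonce,
        "X-Signature": mac,
    }


class Verifier:
    """Receiver side: checks key id, freshness, signature, then nonce uniqueness."""

    def __init__(self, max_skew=MAX_SKEW_SECONDS):
        self.max_skew = max_skew
        self._seen = {}  # nonce -> time after which it can be forgotten

    def _purge(self, now):
        for nonce in [n for n, exp in self._seen.items() if exp <= now]:
            del self._seen[nonce]

    def verify(self, method, path, body, headers, now=None):
        now = now if now is not None else time.time()
        secret = SHARED_SECRETS.get(headers.get("X-Key-Id"))
        if secret is None:
            return False, "unknown key id"
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            signature = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed auth headers"
        if abs(now - timestamp) > self.max_skew:
            return False, "timestamp outside allowed window"
        expected = hmac.new(
            secret, canonical_string(method, path, body, timestamp, nonce), hashlib.sha256
        ).hexdigest()
        # Constant-time comparison so a wrong MAC does not leak how many bytes matched.
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"
        self._purge(now)
        if nonce in self._seen:
            return False, "replayed nonce"
        # A nonce only needs remembering for as long as its timestamp could still pass.
        self._seen[nonce] = timestamp + self.max_skew
        return True, "ok"


if __name__ == "__main__":
    body = b'{"amount": 10}'  # constructed request body
    headers = sign_request("billing-svc", "POST", "/v1/charge", body)
    v = Verifier()
    print(v.verify("POST", "/v1/charge", body, headers))   # first use: (True, 'ok')
    print(v.verify("POST", "/v1/charge", body, headers))   # replay: (False, 'replayed nonce')
```

Because the timestamp bounds how long a nonce must be remembered, the replay cache stays small even on a busy link; the trade-off is that both servers need reasonably synchronised clocks. This still belongs on top of TLS, which handles confidentiality and server identity; the signature adds request integrity and replay resistance.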
Source: https://stackoverflow.com/questions/46668529/secure-api-communication-between-two-backend-servers