The Difference Between Programming and Coding: Tips for Secure Programming and Coding

While security has always been a concern for individuals and companies online, this is more true now than ever. Hacks and data breaches are skyrocketing, and hundreds of millions of people are being compromised every year. While this happens to big businesses, it can also happen to small entities or even individuals.

As a result, it is more important to ensure the code you or your company is writing remains secure. While it is impossible to avoid every potential attack, hack or data breach, you can try your best to prepare. While things such as testing frequently and using passwords can help, they are far from the only ways to secure your code. With that in mind, this article is going to look at a few tips for secure programming and coding.

Tips for Secure Programming and Coding

Utilize Log Management

Whether you have programmed an app or a piece of software, it is important to monitor it after the initial coding is done. Without any sort of monitoring, you may be none the wiser if someone hacks you. As a result, using a service or tool for log management and monitoring is important. Logs are time-stamped records of events related to a particular system.

Log management allows you to analyze and store these logs and show you trends or events in the system. So if something unexpected occurs within your code or piece of software, you will be able to figure out where that occurred and what happened. As you could imagine, this is very helpful when it comes to both security and compliance.

There are many different log management platforms, tools, and services out there, so be sure to do some research to find the right one. Sites like DNSstuff offer reviews of different tools, so you can decide which is the right one for your needs.

Restrict Access

While being liberal with handing out access can help ensure no roadblocks are encountered in the future, security is more important. Unfortunately, the more people that have access to your code, the higher the chance that something becomes compromised. This is because most data breaches are actually a result of human error, so be careful with how much access you provide to employees.

Only those who are actively working on the code should have access to it. Give people the smallest amount of access they need to do the job. There are a number of different ways you can control or restrict access. This gives data owners and businesses a lot of flexibility for choosing who they want to provide access to.

Consider Adding Delays to Code

While many people think of a hack or data breach involving a single individual trying to “crack the code,” this isn’t often the case. Oftentimes, these criminals will rely on powerful computers to relentlessly try and access your code, systems or files. They can do this either by continuously posing as a user trying to access or by trying billions of different password combinations.

One thing you can do to combat these efforts is to add some delays to your code. This delay will help slow these bots down to a half, without affecting the experience of actual humans. There are different ways you can do this, such as adding a slight delay with each incorrect log-in attempt.
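
One way to implement a delay that grows with each incorrect log-in attempt, as an added example that is not code from the original article. The class name `LoginThrottle`, the `alice` account, the salt and the delay values are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample account store; salt, user and password are illustrative.
SALT = b"constructed-salt"

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": hash_password("correct horse")}

def verify_password(username, password):
    stored = USERS.get(username)
    # compare_digest avoids leaking how many leading bytes matched.
    return stored is not None and hmac.compare_digest(stored, hash_password(password))

class LoginThrottle:
    """Per-account delay that doubles with every failed attempt, up to a cap."""

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock      # injectable so the logic can be tested without waiting
        self._state = {}        # username -> (failure_count, earliest_next_attempt)

    def retry_after(self, username):
        """Seconds the caller must still wait before the next attempt (0.0 if none)."""
        _, not_before = self._state.get(username, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def attempt(self, username, password, verify=verify_password):
        """Return (ok, wait_seconds)."""
        wait = self.retry_after(username)
        if wait > 0:
            # Too early: reject without checking the password, so guesses made
            # during the delay tell an automated client nothing.
            return False, wait
        if verify(username, password):
            self._state.pop(username, None)   # success resets the counter
            return True, 0.0
        failures = self._state.get(username, (0, 0.0))[0] + 1
        delay = min(self.base_delay * 2 ** (failures - 1), self.max_delay)
        # Store a deadline instead of sleeping: sleeping inside the request
        # handler would tie up a worker for every bot connection.
        self._state[username] = (failures, self.clock() + delay)
        return False, delay
```

A person who mistypes once waits one second, while an automated client is held to a handful of guesses per account per hour. In production the state would live in a shared store with expiry, since this in-memory dictionary grows with every username tried.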

Hopefully, this article has been able to help you learn how to program and code in a more secure manner. Protecting your code and making sure it works and is secure is paramount to being successful in the space.

Translated from: https://www.thecrazyprogrammer.com/2019/03/tips-for-secure-programming-and-coding.html
