Raysync Security Design: Web Security
As file transfer acceleration software, Raysync can be accessed directly from the web for the convenience of users. The browser makes interactive operation convenient, so the security of the browser side must be strictly controlled.
In data transmission, the web can be roughly divided into several layers:
Browser: The browser is the client, which handles the exchange of data between the client and the server;
HTTP: When the client interacts with the web server, it issues web requests, which exchange data over a unified application-layer protocol, HTTP. HTTP is a lightweight protocol, which requires no connection and provides fault tolerance for communication errors;
Middleware: Middleware is a general-purpose service between the platform (hardware and operating system) and the application;
Server container: The server container, such as Tomcat or JBoss, is responsible for parsing user requests and scripting languages. When we visit a web page, we see the content processed by the web container;
Database: Dynamic pages can provide interactive information query services, which depend mainly on web databases. Web pages containing forms serve as the access interface, and query results are returned to users as web pages containing data lists.
In view of the above points, Raysync's web security design is as follows:
The user-side Web portal and the management-side Web portal support isolation by access IP address and by port;
Individual nodes can disable the user-plane Web portal or the management-plane Web portal;
HTTP and HTTPS are both supported, and the administrator can disable HTTP and expose only the HTTPS service;
HTTPS supports TLS 1.1, TLS 1.2 and TLS 1.3, and enables only cipher suites recognized by the industry as safe;
On the Raysync login page, a session is valid only for the page currently being accessed, completely eliminating CSRF (cross-site request forgery) attacks;
Before each version of Raysync is released, the Huawei Cloud online professional web vulnerability scanning service is used to scan for vulnerabilities, and newly published vulnerabilities are repaired in time.
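The HTTP/HTTPS and TLS points above can be checked from outside a deployment. The following Python check is an added example, not Raysync code: it probes which TLS versions a portal listener accepts and flags plain HTTP, old protocol versions and weak suites. Assumptions: "safe" is taken to mean (EC)DHE key exchange with an AEAD cipher, and the default minimum of TLS 1.2 follows RFC 8996, which deprecates TLS 1.0 and 1.1; pass min_version="TLSv1.1" to mirror the list above.

```python
import socket
import ssl

# Probe order, oldest first. The page lists TLS 1.1, 1.2 and 1.3 as enabled.
VERSIONS = {"TLSv1": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def port_open(host, port, timeout=5.0):
    """True if a TCP listener answers, e.g. the plain-HTTP portal port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_tls(host, port, timeout=5.0):
    """Map each TLS version the listener accepts to the suite it negotiated."""
    accepted = {}
    for name, ver in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # protocol audit only,
        ctx.verify_mode = ssl.CERT_NONE  # certificate trust is not checked here
        try:
            ctx.minimum_version = ctx.maximum_version = ver
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    accepted[name] = tls.cipher()[0]
        except (OSError, ValueError):
            continue  # refused by the server or unsupported by the local OpenSSL
    return accepted

def audit(http_open, accepted, min_version="TLSv1.2"):
    """Turn probe results into findings; an empty list means the policy holds."""
    order = list(VERSIONS)
    findings = ["plain HTTP listener is reachable"] if http_open else []
    for name, suite in accepted.items():
        if order.index(name) < order.index(min_version):
            findings.append(f"{name} accepted, below {min_version}")
        tls13 = suite.startswith("TLS_")  # OpenSSL names for TLS 1.3 suites
        forward_secret = tls13 or suite.startswith(("ECDHE-", "DHE-"))
        aead = tls13 or any(m in suite for m in ("GCM", "CHACHA20", "CCM"))
        if not (forward_secret and aead):
            findings.append(f"{name} negotiated {suite}: needs (EC)DHE and AEAD")
    return findings

if __name__ == "__main__":
    # Constructed probe result, not output from a real Raysync server.
    sample = {"TLSv1.1": "ECDHE-RSA-AES128-SHA", "TLSv1.3": "TLS_AES_256_GCM_SHA384"}
    print(audit(http_open=True, accepted=sample))
```

A version missing from the probe_tls result can also mean the local OpenSSL build refuses it, so confirm old-protocol results from a client that still supports them. AEAD suites were introduced with TLS 1.2, so any TLS 1.1 connection is reported on the cipher check as well.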
As file transfer acceleration software trusted by 20,000+ enterprises, Raysync uses its self-developed high-speed transmission protocol to build an enterprise data transmission highway for the information age, and always puts enterprise data security at the top of its development priorities.