When docking with a third-party interface, will there be any security problems after giving your own server ip to the other party?

the server is on Aliyun. When we dock with a third party, we give them the access address of our server. Although it is a pure interface interaction, this server is also the address where we access the background management system. Whether this will cause our business system to be exposed to each other, now the browser will enter this address and open the home page of the background, although there is a login user name as a restriction. But it"s still possible to be invaded. We have also considered using ip whitelist before, but because both customers and our technology will go up to do maintenance, we cannot exhaust ip. We have thought of using a special suffix path to open the background page, which may be safer but still not safe. I wonder if there is any good plan to prevent our internal system from being exposed?

Network security

Apr.16,2022

according to the information above, the solutions suitable for you at this stage can be as follows:

the domain name that limits access to your background management system. If another domain name is used for the interface service, the domain name of the interface service is not allowed to access the domain name managed by the background.
add IP whitelist mechanism with external maintenance and management requirements, and use mechanisms such as jump machine and VPN to limit it (that is, you must log in to the jump machine before you can remotely log in to the machine and VPN can be connected to a whitelist IP address before you can access the background management)

the above two can be used together.

there is another kind of thing that is designed to solve the problem of interface exposure like yours, which is called open gateway.
you need to register your interface with the open gateway, others are calling the open gateway to call your system.

Previous: When the data changes in echarts-for-react, how to update the chart in real time.

Next: Don't you call the Object constructor to create objects literally in javascript?

Network returns Json,. Returns html with requests post.
return the request header with r.request.header and find that it is different from the message I sent. I don t know what s wrong? import requests url = https: investment.my089.com credit index def get_1month(): headers = { A...

Python network json

Feb.28,2021
Port communication, ingress port is bound, is there any restriction on exit?
give an example, the local client accesses the remote mysql server 3306 port. requires access to remote port 3306. my question is: does the network of the local client need to apply? Local access to remote port 3306, which port is used by the local...

Firewall network port tcp

Feb.28,2021
Once the FTP service is enabled, others can use the ftp address (ftp://192.168.)) Did you visit? Still need a domain name.
win10ftpftp: 192.169.5..., ftp...

Php java-web web http Network-Transport-Protocol

Mar.02,2021
After the number of pptp connections exceeds two, the later connections cannot access the public network.
IP forwarding is enabled for server deployment pptp,iptables. after the completion of the dial-up connection of other computers, the first two are normal, but it is found that the computers connected behind cannot access the external network. I am a r...

Vpn linux pptpd pptp Network

Mar.03,2021
Dual IP servers can only be accessed through one IP, but other IP servers on the same network segment can be accessed.
as shown in the figure: there are two PC, with IP beginning with 10 (hereinafter referred to as 10PC) and one with IP starting with 192 (hereinafter referred to as 192PC). there are three servers, all with 10 IP, one of which has 192IP. the curr...

Network Network-Communication Network-Topology-Diagram

Mar.03,2021
What is the difference between TCP and UDP?
The UDP header does not contain any information that does not exist in the TCP header. In this case, why, as a programmer, must specify header information (port and IP address) when sending UDP packets, but not when sending a TCP packet? ...

Network

Mar.03,2021
Why does the stompClient.connect method not execute when using SockJS for WebSocket connections?
function connect() { var socket = new SockJS( socket ); stompClient = Stomp.over(socket); stompClient.connect({}, function (frame) { setConnected(true); }); console.log("...

Sockjs websocket Front-end Network Network-Transport-Protocol

Mar.04,2021
How to input multiple features by pytorch
I just started to learn about machine learning. When I tried to do some small things, I found that there was only one feature entered in the pytorch content on the Internet, which may be because my keywords were wrong. If I want to use pytorch to create...

Neural-network machine-learning

Mar.04,2021
How to understand that the TCP/IP protocol is data flow oriented and the UDP protocol is Datagram oriented?
how does RT, understand that the TCP IP protocol is data flow oriented and the UDP protocol is Datagram oriented? ...

Udp tcp-ip computer-network

Mar.04,2021
Has anyone installed python3.6 's python-midi package on windows?
I want to train a neural network to generate music, but I can t install python3.6 s python-midi package on windows. I think many open source projects on github are useful for this, but I took a look at python-midi s setup.py, whether it doesn t ...

Neural-network python

Mar.05,2021
How to understand static void * a = & a;?
how to understand this line of code? static void * a = &a; I saw it on the source code of AFN. static void *AFHTTPRequestSerializerObserverContext = &AFHTTPRequestSerializerObserverContext; The AFURLRequestSerialization.h file is used wh...

C afnetworking3.0 objective-c cPP

Mar.06,2021
Get mac question
non-local area network, is there a way to get the mac address of a host? Know ip ...

Network-management network computer-network

Mar.06,2021
How to use LAN Interface for fixed Weft Power supply
how to use to control the output of the front power supply on the back of the LAN network port of the fixed-weft psw series 30-36 power supply. Thank you for more details. ...

Network-Transport-Protocol linux

Mar.06,2021
How to understand that ADSL users enjoy exclusive bandwidth and are dedicated to the line, which is not affected by the increase in the number of users. `?
ADSL technology can make full use of the existing PSTN (Public Switched Telephone Network, public switched telephone network). As long as ADSL equipment is installed at both ends of the line, it can provide users with high broadband services without rew...

Computer-network network

Mar.06,2021
Configuration static dns cannot be parsed so that it cannot be connected to the Internet, and dynamic acquisition can be connected to the Internet normally. Why is this the case?
static dns, which has been used before, has been well used. Yesterday, I suddenly found that I couldn t parse, but I could ping. and setting it to dynamic acquisition can connect to the Internet normally. Why is this the case? is it a local problem o...

Network

Mar.06,2021
As shown in the figure, after the router connects to the outside wifi through the wds bridge, why is it still unable to access the Internet?
now the company uniformly uses wireless Internet access (a wireless network card is plugged into the desktop), but there is a cabin where there is no wireless signal. I have a wireless router (tp-link) on hand. Because of the problem of sharing the prin...

Linux cPP objective-c java Network

Mar.06,2021
A question about "unable to access this site"
the company network cannot access ...

Network powershell

Mar.11,2021
Part of the ping of the private network host is not accessible, and part of the ping can be connected.
ask a question about the connection of linux hosts. There are three hosts in the intranet, An and B can ping each other, C cannot ping A, C can ping B, where An and B are wired connections to the Internet, the ip is 10.12.41.44 and 10.12.41.151 respec...

Ping Network

Mar.11,2021
Is it true or wrong that all ports of `SWITCH are in one broadcast domain?
here is a description of the sentence: https: gss0.baidu.com 94o3dS. it says above that all ports of HUB and SWITCH are in a broadcast domain, and each port on the router forms its own broadcast domain. I can understand the description of HUB and r...

Computer-network switch

Mar.11,2021
How to understand "Tomcat NIO method is suitable for connections with a large number of connections and short connections, and AIO mode is used for connections with a large number of connections and long connections"?
NIO is suitable for architectures with a large number of connections and short connections (light operation), such as chat servers, and concurrency is limited to applications AIO is used in architectures with a large number of connections and long con...

Java Network Network-Development tomcat

Mar.12,2021