TRKJ/mayfly-go
2
0
Fork 0
mirror of https://gitee.com/dromara/mayfly-go synced 2026-05-17 16:35:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9b7e569b3a6fa19992bb9d55e975c75ca090133a
mayfly-go/docs/server/security.md

27 lines
520 B
Markdown
Raw Normal View History

refactor: 移除antlr4减小包体积&ai助手优化
2026-05-08 20:45:13 +08:00
---
trigger: always_on
---
# 安全与权限规范
## 权限控制
```go
// 路由级别
req.NewPost(":dbId/exec-sql", d.ExecSql).RequiredPermissionCode("db:sqlscript:run")
// 代码级别
biz.IsTrue(account.HasPermission("db:sqlscript:run"), "无权限执行SQL")
```
## 敏感信息
- 资源密码使用 AES 加密存储
- `aes.key``jwt.key` 必须使用随机字符串
## OWASP 安全准则
- 防范 SQL 注入:使用参数化查询
- 防范 XSS输出转义
- 防范 CSRF配合前端同源策略
Reference in New Issue Copy Permalink