App Open Interface API Security - Design and Implementation of the Token and Signature (sign)

When designing an app's open interface API, security cannot be avoided.

 

1. https protocol

For sensitive API interfaces, the https protocol should be used.

HTTPS is HTTP (Hypertext Transfer Protocol) with an SSL layer added; the communication over the network is encrypted, so an encryption certificate is required.

 

2. Signature Design

Principle: when the user logs in, the client sends the user's authentication information (such as account and password) to the server. After the server authenticates it, it returns a Token to the client. When the user subsequently requests information, the client carries this token; if the token is correct, the data is returned. For user-related interfaces accessed after the Token has been obtained, the url requested by the client needs to carry the following parameters:

timestamp: the request timestamp

token: the Token returned at login

Then all the parameters of the user's request (including timestamp and token) are sorted alphabetically, hashed with MD5 (a little salt can be added), and converted to upper case to produce the sign signature; this is the so-called url signature algorithm. Every call to a user interface after login then carries the sign, timestamp, and token parameters.

The underlying principle is to reduce the number of times plaintext is exposed and so keep data access safe.

 

The specific implementation is as follows:

1. The client sends the user's authentication information (username and password) to the server, and on receiving the request the server verifies whether the user information is correct.

If it is correct: return a globally unique string (usually a UUID) as the Token, and store the Token----Uid relationship in Redis (or any cache server) so that other APIs can verify the token.

If it is wrong: return an error code.

 

2. The server designs a url request interception rule

(1) Check whether the timestamp, token, and sign parameters are all present; if not, return an error code.

(2) Check whether the time at which the server receives the request differs from the timestamp parameter by more than the allowed window (customizable, for example half an hour). If it does, the url has expired. (If the url is stolen and the attacker changes the timestamp, the sign signature will no longer match.)

(3) Check whether the token is valid: look up the uid in the redis cache by the requested token; if nothing is found, the token has expired.

(4) From the url parameters of the user's request, the server generates the sign signature by the same rules and compares it with the sign sent; if they are equal, the request is released. (Naturally a url signature cannot guarantee 100% security; the data and the url could also be encrypted with a public key or AES, but that cannot ensure the key is never lost, so the signature only guarantees security to a large extent.)

(5) This url interception only needs to whitelist the url that performs authentication (such as the login url); all the remaining urls must be intercepted.
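The login step and the interception rule (1) to (4) above, worked through in code as an added example; this is not the article's own implementation. It assumes a Python dict standing in for the Redis Token----Uid cache, a constructed server-side salt, a constructed user record, and a half-hour window, and it keeps the article's "sort, MD5 with salt, upper-case" sign rule.

```python
"""Token + timestamp + sign scheme from the article (added example, not the
article's code). Assumptions: a dict stands in for Redis, SALT and USERS are
constructed values, and the timestamp window is the article's half hour."""
from __future__ import annotations

import hashlib
import hmac
import time
import uuid

SALT = "constructed-server-side-salt"   # assumption: kept on the server, never sent to clients
MAX_SKEW_SECONDS = 30 * 60              # the article's example window: half an hour

# Stand-in for the Redis Token -> Uid mapping (assumption).
TOKEN_STORE: dict[str, str] = {}

# Constructed credential store for the login step (real systems store password hashes).
USERS = {"alice": ("correct horse battery staple", "uid-1001")}


def login(username: str, password: str) -> str | None:
    """Step 1: verify the credentials and return a UUID token, or None on error."""
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(record[0].encode(), password.encode()):
        return None
    token = str(uuid.uuid4())
    TOKEN_STORE[token] = record[1]     # maintain the Token----Uid relationship
    return token


def make_sign(params: dict[str, str]) -> str:
    """Sort every parameter (timestamp and token included, sign excluded) by name,
    join them, MD5 the result together with the salt, and upper-case the digest."""
    canonical = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "sign")
    return hashlib.md5((canonical + SALT).encode()).hexdigest().upper()


def client_request(token: str, business: dict[str, str], now: int | None = None) -> dict[str, str]:
    """Build the query parameters a logged-in client sends: business params + timestamp + token + sign."""
    params = dict(business)
    params["timestamp"] = str(now if now is not None else int(time.time()))
    params["token"] = token
    params["sign"] = make_sign(params)
    return params


def intercept(params: dict[str, str], now: int | None = None) -> tuple[bool, str]:
    """Step 2: the server's interception rule. Returns (released, uid-or-reason)."""
    now = now if now is not None else int(time.time())
    # (1) the three parameters must all be present
    for name in ("timestamp", "token", "sign"):
        if name not in params:
            return False, f"missing {name}"
    # (2) the timestamp must be inside the allowed window
    try:
        ts = int(params["timestamp"])
    except ValueError:
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "url expired"
    # (3) the token must still map to a uid in the cache
    uid = TOKEN_STORE.get(params["token"])
    if uid is None:
        return False, "token expired"
    # (4) recompute sign by the same rules and compare in constant time
    if not hmac.compare_digest(make_sign(params).encode(), params["sign"].encode()):
        return False, "bad sign"
    return True, uid


if __name__ == "__main__":
    tok = login("alice", "correct horse battery staple")
    req = client_request(tok, {"action": "list", "page": "2"})
    print(intercept(req))                                   # released with the uid
    req["timestamp"] = str(int(req["timestamp"]) + 60)      # tampered timestamp
    print(intercept(req))                                   # rejected: bad sign
```

Because the salt is appended to the canonical string before hashing, a request whose timestamp was edited fails at step (4) even when it is still inside the window, which is the behaviour the article relies on in rule (2). Swapping `hashlib.md5(...)` for `hmac.new(SALT.encode(), canonical.encode(), "sha256")` hardens the sign rule without changing anything else in the flow.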

 

http://www.lai18.com/content/944366.html

 
