How to ensure the security of HTTP transmission

At present, most website and app interfaces use the HTTP protocol, but HTTP traffic can easily be monitored with a packet-capture tool, and its content can even be tampered with. To ensure the data is neither read nor modified by others, the following measures can be used.

Important data needs to be encrypted. Data such as the username and password must be encrypted, so that even if it is captured and monitored, the original data cannot be recovered (a plain MD5 hash can be brute-forced). The more complex the encryption scheme, the more secure it is, so choose according to your needs. Common options are MD5 (irreversible) and AES (reversible); they can be combined freely, and special characters can be mixed in; the only limit is what you can think of. For example: username = aes(username), pwd = MD5(pwd + username); and so on.

Non-important data needs to be signed. The purpose of the signature is to prevent tampering. For example, http://www.xxx.com/getnews?id=1 fetches the news item with id 1; without a signature, a caller can pass id=2 and fetch item 2, and so on. How is it signed? Usually a sign parameter is added to the original request, for example sign=md5(id=1). The server receives the request and checks whether sign equals md5(id=1); if it does, the request is treated as legitimate. This has a drawback: once the rule is discovered, signatures can be forged, so a more complicated rule still improves security.

How is the login state handled? HTTP is stateless, that is, the server cannot tell whether two requests are related. A field is therefore added to the request (its name is arbitrary); when the user successfully calls the login interface, the server sets a value in this field, such as aes(expiration time), and returns it to the front end. The front end carries this value on every request; the server first checks whether it has expired and then whether it is correct, and if either check fails, it makes the user log in again. (Redis is very convenient for this, since keys can have an expiration time.)
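The request signature and the expiring login token described above, as an added example that is not part of the original post. It swaps the page's unkeyed md5(id=1) for an HMAC-SHA256 under a server-only key (the page itself notes that an unkeyed rule is forged once discovered) and carries the expiry inside the token instead of AES-encrypting it; the two keys are constructed placeholders, not values from the page.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Constructed placeholder keys: real deployments load these from server-side
# configuration and never send them to the client.
SIGN_KEY = b"constructed-sign-key"
TOKEN_KEY = b"constructed-token-key"


def canonical_query(query: str) -> str:
    """Sort the parameters (minus sign itself) so client and server hash the same string."""
    params = [(k, v) for k, v in parse_qsl(query, keep_blank_values=True) if k != "sign"]
    return urlencode(sorted(params))


def compute_sign(query: str, key: bytes = SIGN_KEY) -> str:
    """Keyed signature over the query; without the key, a changed id cannot be re-signed."""
    return hmac.new(key, canonical_query(query).encode(), hashlib.sha256).hexdigest()


def verify_sign(query: str, key: bytes = SIGN_KEY) -> bool:
    """Server side: recompute the signature and compare in constant time."""
    supplied = dict(parse_qsl(query, keep_blank_values=True)).get("sign", "")
    return hmac.compare_digest(supplied, compute_sign(query, key))


def issue_token(ttl_seconds: int, now=None, key: bytes = TOKEN_KEY) -> str:
    """Login token of the form '<expiry>.<mac>'; the MAC stops the client from extending the expiry."""
    now = time.time() if now is None else now
    expiry = str(int(now) + ttl_seconds)
    mac = hmac.new(key, expiry.encode(), hashlib.sha256).hexdigest()
    return f"{expiry}.{mac}"


def check_token(token: str, now=None, key: bytes = TOKEN_KEY) -> str:
    """Return 'ok', 'expired' or 'invalid'; anything but 'ok' should send the user back to login."""
    now = time.time() if now is None else now
    expiry, sep, mac = token.partition(".")
    if not sep or not expiry.isdigit():
        return "invalid"
    expected = hmac.new(key, expiry.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return "invalid"          # tampered expiry or forged token
    if int(expiry) <= int(now):
        return "expired"          # genuine token whose lifetime has passed
    return "ok"


if __name__ == "__main__":
    signed = "id=1&sign=" + compute_sign("id=1")
    print(verify_sign(signed), verify_sign(signed.replace("id=1", "id=2")))
    print(check_token(issue_token(60)))
```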

Interested friends can join my Internet architecture group: 477819525

It has a large collection of Java beginner, advanced and architecture videos and books, and everyone can communicate and learn together.
