API interface security

In a project with separated front end and back end, the app talks to the server through API interfaces. Data in transit can be sniffed, captured and forged, so how do we design a safer API interface?

The general solution is as follows:

1, Token authorization and authentication, to prevent unauthorized users from accessing data;

2, a timestamp timeout mechanism;

3, URL signatures, to prevent request parameters from being tampered with;

4, anti-replay, to prevent an intercepted request from being sent a second time (e.g. for data capture);

5, the HTTPS protocol, to prevent data being transmitted in plaintext.

1. Token authorization and authentication

HTTP is stateless: once a request completes, the connection is closed, and when the server receives the next request it does not know which user sent it. For modules that require access control we need state management, so that the server can accurately tell which user initiated each HTTP request and decide whether that user has permission to proceed.

The Token design works like this: the user logs in on the client with a username and password; the server returns a Token to the client and stores it as a key-value pair in a cache (usually Redis). All subsequent client calls to modules that require authorization must carry this Token. When the server receives the request it authenticates the Token; if the Token exists in the cache, the request is authorized.

Requirements for generating the Token:

1, it must be unique, otherwise authorization within the application becomes confused and user A sees user B's data;

2, each generated Token must be different, to prevent a recorded Token from granting permanent authorization;

3, the Token generally serves as the Redis key, and the value stored in the cache is information about the user, such as the user ID;

4, the Token must have an expiration time; after it expires the client has to log in again to obtain a new Token. If the expiry is short, users must log in frequently and the experience is poor, so we generally use a silent-login approach: when the client receives a Token-expired response, it logs in again in the background with the locally saved username and password to obtain a new Token. Alternatively there may be a separate Token-refresh interface, but the security of the refresh mechanism then needs careful attention;

Based on the requirements above, it is easy to arrive at Token = md5(user ID + login timestamp + server secret key). The user ID is unique, the login timestamp guarantees that each login differs, and the server-side secret key is a string configured on the server (i.e. a salt) that participates in the hash to make the Token harder to crack; take care not to leak it.

2. Timestamp timeout mechanism

Each client request carries a timestamp parameter holding the current time. When the server receives the request it compares that timestamp with the current server time; if the difference exceeds a predetermined limit (for example one minute), the request is treated as invalid. The timestamp timeout mechanism is an effective means of defending against DoS attacks.

Example: http://url/getInfo?id=1&timestamp=1559396263

3. URL signature

Anyone who has integrated Alipay or WeChat Pay is no stranger to URL signatures. The client only needs to sign the plaintext parameters it sends, and the server recomputes the signature over the received parameters with the same algorithm; comparing the two signatures verifies that the plaintext parameters have not been tampered with by a man in the middle.

First, we assign a private key to the client for signing the URL. The general signature algorithm is as follows:

1, put the communication parameters into an array sorted alphabetically by key (the interface address generally also takes part in sorting and signing, so an additional parameter url=http://url/getInfo needs to be added);

2, join the sorted key-value pairs with & to form the parameter string to be hashed;

3, prepend or append the private key to the parameter string, hash it with MD5 to obtain sign, and send sign to the server along with the request.

For example:

http://url/getInfo?id=1&timestamp=1559396263&sign=e10adc3949ba59abbe56e057f20f883e

After receiving the request, the server computes sign by the same method and compares it with the client's sign; if they are the same, the request is valid.

Note: the client's private key must be handled properly and must not fall into the wrong hands. If the project is an H5 page, where to save the private key in H5 is a problem; there is no better way, and it is a problem that has bothered me too. If you have better ways, leave a message and we can explore them together.

4. Anti-replay

When the client accesses an interface for the first time, the server stores the sign signature in Redis with a timeout equal to the timestamp timeout. Together they ensure that within that limited time a given URL can be accessed only once: if someone intercepts the URL and accesses it again with the same URL, the server finds the signature already in the cache and denies service. If the signature has already expired from the cache and someone accesses the same URL again, the timestamp timeout mechanism blocks it, which is why the sign timeout must be set to match the timestamp timeout. Refusing repeated calls ensures that a URL intercepted by others cannot be reused (for example for data capture).

The overall flow of the scheme above is as follows:

1, the client logs in to the server with username and password and obtains a Token;

2, the client generates a timestamp and includes it as one of the parameters;

3, the client sorts all parameters, including Token and timestamp, and signs them with its own signature algorithm to produce sign;

4, the client appends token, timestamp and sign as parameters to the URL of every request.

Example:

http://url/request?token=h40adc3949bafjhbbe56e027f20f583a&timestamp=1559396263&sign=e10adc3949ba59abbe56e057f20f883e

5, the server validates token, timestamp and sign: only when the token is valid, the timestamp has not timed out and the sign is absent from the cache server are all three conditions met and the request considered valid.
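The full flow of steps 1 to 5 (timestamp window, sorted-parameter MD5 signature, and the Redis-style replay cache), as an added Python example that is not part of the original post. The client secret, the `seen` dictionary standing in for Redis, and the sample request values are constructed for the example; MD5 is used because that is what the post describes, while HMAC-SHA256 with hmac.compare_digest is the stronger drop-in choice.

```python
import hashlib
import hmac

# Constructed for this example: the client's private key and the request window.
CLIENT_SECRET = "example-client-secret"  # placeholder; a real key must not leak
TIMEOUT_SECONDS = 60                      # the post uses one minute


def make_sign(params: dict, secret: str) -> str:
    """Sort parameters by key, join them as k=v&k=v, append the key, MD5 it."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    plain = "&".join(f"{k}={v}" for k, v in items)
    return hashlib.md5((plain + secret).encode("utf-8")).hexdigest()


def sign_request(url: str, params: dict, secret: str, now: int) -> dict:
    """Client side: add the url and timestamp parameters, then attach sign."""
    signed = dict(params, url=url, timestamp=now)
    signed["sign"] = make_sign(signed, secret)
    return signed


def verify_request(params: dict, secret: str, seen: dict, now: int) -> str:
    """Server side: timestamp window, then signature, then the replay cache.
    `seen` stands in for Redis and maps sign -> expiry time (same TTL as the
    timestamp window, so an entry that has expired is caught by the window)."""
    for s in [s for s, expiry in seen.items() if expiry <= now]:
        del seen[s]                       # emulate Redis key expiry
    try:
        ts = int(params["timestamp"])
    except (KeyError, ValueError):
        return "missing timestamp"
    if abs(now - ts) > TIMEOUT_SECONDS:
        return "timestamp expired"
    expected = make_sign(params, secret)
    if not hmac.compare_digest(str(params.get("sign", "")), expected):
        return "bad signature"
    if params["sign"] in seen:
        return "replay"
    seen[params["sign"]] = ts + TIMEOUT_SECONDS
    return "ok"


if __name__ == "__main__":
    cache = {}
    req = sign_request("http://url/getInfo", {"id": 1, "token": "t0k"},
                       CLIENT_SECRET, 1559396263)
    print(verify_request(req, CLIENT_SECRET, cache, 1559396263))  # ok
    print(verify_request(req, CLIENT_SECRET, cache, 1559396270))  # replay
```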

5. Use of the HTTPS protocol

As is well known, HTTP sends content in the clear and provides no data encryption of any kind; if an attacker intercepts the messages transmitted between client and server, they can read the information directly. HTTP is therefore unsuitable for transmitting sensitive information such as credit card numbers and passwords.

To address this shortcoming of HTTP, another protocol is needed: HTTPS, Hypertext Transfer Protocol over Secure Sockets Layer, for secure data transmission. HTTPS adds the SSL protocol on top of HTTP; SSL relies on certificates to authenticate the server's identity and encrypts the communication between client and server.

HTTPS is not completely safe either: in a man-in-the-middle hijacking attack, the attacker can obtain all of the communication between client and server.


The man in the middle intercepts the request the client sends to the server and, posing as the client, communicates with the server; it then takes the content the server returns and sends it on to the client, posing as the server.
By this means it obtains the entire content of the communication between client and server.
A man-in-the-middle attack requires the client to trust the middleman's certificate; if the client does not trust it, the attack cannot work.


2, for general app security requirements, the client can verify the domain name, the certificate's validity, the certificate chain and the certificate's public key information;

Summary: every security measure has a cost, and sometimes the combination is too complex, so in a real project you need to choose based on your own circumstances. For example, you might use only the signature mechanism to ensure information cannot be tampered with, or only the Token mechanism when providing services to specific parties. How to choose depends entirely on the project's actual situation and its requirements for interface security.


Source: www.cnblogs.com/xingxia/p/API_secrute.html