Distributed Service Interface Design Precautions

Reposted from: https://juejin.im/post/5bac48f9f265da0aa52914b4

1. Horizontal privilege checks

Horizontal privilege vulnerabilities generally appear when a user object is associated with a number of other objects (orders, etc.) and CRUD operations are implemented on those associated objects.
When a request includes both the user ID and the associated object ID, be sure to verify that the associated object belongs to that user.
 

2. Idempotency

An idempotent operation is one whose effect after any number of executions is the same as its effect after the first execution.
The basic idea for handling idempotent operations: the caller attaches a unique request ID to each message. The ID identifies a unit of work, and this unit of work should be performed only once. Before executing the unit of work, the recipient must first check whether it has already been executed. The check is usually based on the unique request ID: the server queries whether the request has been recorded and whether a corresponding response exists. If it does, the server returns that response directly or returns a duplicate-request error; if not, it handles the request as a new one.
 

3. Concurrency protection

The basic idea of concurrency protection is to use locks: 1) distributed locks (a Redis lock); 2) optimistic locking (a version number); 3) state locking (check the expected state before modifying the data).
 

4. Asynchronous tasks

Be cautious with EventBus, ThreadPool and other in-process asynchronous task processing: the tasks are lost when the service goes down or restarts. An MQ is recommended instead, with the service sending messages to itself and consuming them.
 

5. Eventual consistency

Eventual consistency is weak consistency. In scenarios that need strong consistency, be sure not to use tmc and similar approaches (e.g. deducting an amount when an order is placed).
 

6. Replay protection

A commonly used replay-prevention mechanism relies on a timestamp and a nonce. timestamp indicates the current timestamp of the request, nonce is generated by encrypting a random number together with the timestamp, and sign is a signature over the entire URL.
When the server receives the request:
1) Verify the sign signature, to prove the request parameters have not been tampered with.
2) Then verify whether the timestamp has expired, to prove the request was issued in the last 60s.
3) Finally, verify the nonce, to prove the request is not a replay of one already seen within the 60s.
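
The three server-side checks above, as an added Python example that is not part of the original post. HMAC-SHA256, the shared key, the in-memory nonce store and every name and sample value are assumptions; the nonce is treated as an opaque unique value.

```python
import hashlib
import hmac
import time

WINDOW = 60  # seconds: the 60s validity window from the text
KEY = b"constructed-demo-key"  # assumption: shared secret, never a real key


def sign(url, timestamp, nonce, key=KEY):
    # Assumption: HMAC-SHA256 over URL + timestamp + nonce; the page names no algorithm.
    msg = f"{url}\n{timestamp}\n{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class ReplayGuard:
    def __init__(self, key=KEY, window=WINDOW):
        self.key, self.window = key, window
        # nonce -> expiry time. In-memory stand-in: a multi-instance service
        # needs a shared store with an atomic set-if-absent and a TTL.
        self.seen = {}

    def check(self, url, timestamp, nonce, signature, now=None):
        now = time.time() if now is None else now
        # 1) Signature first: nothing else in the request is trusted until it passes.
        if not hmac.compare_digest(sign(url, timestamp, nonce, self.key), signature):
            return "bad-signature"
        # 2) Timestamp within the window (abs() tolerates client clock skew).
        if abs(now - timestamp) > self.window:
            return "expired"
        # 3) Nonce unseen. Keep each nonce for as long as its timestamp could
        #    still pass step 2, otherwise a replay slips through after pruning.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "replayed"
        self.seen[nonce] = timestamp + self.window
        return "ok"


def demo():
    """Constructed request delivered four ways; returns the server's verdicts."""
    guard, t0 = ReplayGuard(), 1_700_000_000  # constructed clock value
    url, nonce = "/api/orders?id=42&amount=10", "n-8f3a"  # constructed values
    sig = sign(url, t0, nonce)
    return [
        guard.check(url, t0, nonce, sig, now=t0 + 1),   # first delivery
        guard.check(url, t0, nonce, sig, now=t0 + 5),   # replay inside 60s
        guard.check(url, t0, nonce, sig, now=t0 + 61),  # replay after 60s
        guard.check(url.replace("=10", "=9999"), t0, nonce, sig, now=t0 + 2),  # tampered
    ]
```

The nonce check only has to cover the 60s window because the timestamp check rejects anything older, which is what keeps the nonce store bounded.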
 

7. Degradation

Ensure that the core functions remain available when the system fails or when the load is too high.
Hystrix design principles include: resource isolation, circuit breaking, and the command pattern.
Resource isolation: Hystrix uses the bulkhead pattern. Each dependent service is allocated a separate thread pool for resource isolation, to avoid a service avalanche.
Circuit breaker: set an error-rate threshold; when the error rate of requests exceeds the threshold, requests are blocked. After a period of time, the circuit breaker automatically enters the half-open state and allows one request through. If that call succeeds, the circuit breaker returns to the closed state; if it fails, the circuit breaker remains open and subsequent requests are not allowed through.
Command pattern: Hystrix uses the command pattern (inheriting from the HystrixCommand class) to wrap the specific service invocation logic (the run method), and adds degradation logic (getFallback) that runs after a service call fails.

Author: Black Upper
Link: https://juejin.im/post/5bac48f9f265da0aa52914b4

Origin www.cnblogs.com/wjqhuaxia/p/11762426.html