Open API interface security processing! - Code World

Open API interface security processing!

Others 2019-11-29 00:30:23 views: null

table of Contents

concept
encryption
MD5
Token
Open api parameters
Duplicate submission, malicious call
Journal
Verification code

Open API interface security processing!

references:

Public key, private key and digital signature so the best understanding (reprint)

concept

Problems:

Data theft
Data tampering
Data Loss

The corresponding solution:

Encryption: RSA / DES
Confusion algorithm: MD5
Token: TOKEN

encryption

symmetry

OF

AES
Asymmetric (public and private key)

RSA

effect:
- Encryption: Public key encryption -> private key to decrypt
- Signature: private key encryption -> public key to decrypt (private digital signature, public key to verify the identity)

MD5

Message Digest Algorithm

MD5 (Message-Digest algorithm called Chinese Fifth Edition) as a hash function widely used in the field of computer security, to protect the integrity of informants.
MD5 algorithm features:

Compressibility: arbitrary data length, the calculated length of the MD5 value is fixed.
Easily calculated: MD5 value is calculated from the original data easily.
Anti Modifiability: any changes to the original data, even if only a byte modifications, MD5 values obtained are very different.
Strong anti-collision: the known original data and its MD5 value, want to find data (ie, falsified data) is very difficult with the same MD5 values.

In principle not break, irreversible algorithm

However, some numbers can be obtained by the collision rainbow table (data is very large) of
MD5 salt

MD5(""+""+salt)
Scenarios
1. The interfaces specified for those fields generated MD5
2. Interface to obtain third-party caller parameters to generate MD5 MD5 comparison and corresponding incoming
3. Can form data integrity check, tamperproof

Token

Usually get when you log in, to determine whether the user login status

Open api parameters

id to the primary key do not set the self-energizing sequence

Increment sequence would be easy to polls, reptiles

Duplicate submission, malicious call

Scene: transaction type, order type, expiration date, idempotency

Returns the timestamp server parameters, when an incoming call, compared with the current server time, only by the period of validity
random number

Journal

Verification code

SMS categories: CAPTCHA

Issued registration message: No user information can not be restricted from the business, only to get a verification code human-computer interaction

Guess you like

Origin www.cnblogs.com/jarvankuo/p/11954940.html

Open API interface security processing!

Design and implementation of security App open interface api

Sign Design and Implementation of open interface API App Security Token signature of

App Open Interface API Security - Design and Implementation of Token Signature Sign

Java API interface signature authorization security authentication problem - HMAC-based rest api authentication processing

api interface security verification

API interface of the security papers

Security and performance of the API interface design

Security Issues in Interface API Development

Free open API payment interface

How to ensure API interface data security

How to ensure API interface data security?

How to ensure the security and stability of the API interface?

Common security mechanisms for API interface data flow

Open API interface signature reference document

axios API.js centralized processing interface study notes

[IPC communication] Signal processing interface Signal API (5)

[IPC communication] Signal processing interface Signal API (4)

[IPC communication] Signal processing interface Signal API (1)

[IPC communication] Signal processing interface Signal API (7)

[IPC communication] Signal processing interface Signal API (6)

Ali side: How to ensure API interface data security?

Sign verification of api interface data security solution in thinkphp

API Interface Security Test - Wsdl&Swagger&Webpack

Try using API Key to protect your SpringBoot interface security!

A Beginner's Guide to Application Programming Interface (API) Security

------- open platform API interface design based OAuth2.0 agreement

Tencent open meeting API interface for enterprises creating exclusive "conference Tencent"

Api interface-free and open to query IPv6 home

python continuous question and answer gpt through open api interface

Recommended

Linus is the most active in "eating dog food"!

Ranking

Share good programmer web front-end array and sorting, de-duplication and random roll call

Compilation error caused by cv_bridge and python version problems error: return-statement with no value, in function returning'void*' [-fpe

魔众帮助中心系统 v3.1.0 首页切换器，界面优化

Die beim Millimeterwellenradar-Integrationstest aufgetretene Grube (Multiprozessbindung an einen UDP-Port verursacht Probleme)

How to suppress the "requires transitive directive for an automatic module" warning properly?

LeetCode-1743. Restore the Array From Adjacent Pairs-Analysis and Code (Java)

Summer 2019 Summer soft essay 7 workers

Python中Assert断言的使用语法和例子

LeetCode one question per day (2021-2-3 sliding window median)

Fairchild, the ancestor of semiconductors, the legend of the first trillion-dollar start-up

Daily

More

2024-05-20(5)

2024-05-19(0)

2024-05-18(31)

2024-05-17(6)

2024-05-16(23)

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)