84669 person learning
152542 person learning
20005 person learning
5487 person learning
7821 person learning
359900 person learning
3350 person learning
180660 person learning
48569 person learning
18603 person learning
40936 person learning
1549 person learning
1183 person learning
32909 person learning
<?php //保密token串 $token = '249238jdush24hgdddf/sds_assd_&ssa23_sd'; //业务参数对开公开 $str = 'name=zhangsan&id=23'; //保密的签名算法 $sign = md5($str.$token); 想请教下大家,我的接口签名是这样封装的,那么sign被破解的可能性大吗? 有其他更高明的接口安全验证方案吗?
As long as your token is not leaked, there will be no problem with this method. A more confidential solution is to add timestamp. For example, all requests longer than 600 seconds will be invalid.
timestamp
Add app_id and app_secret, app_secret is confidential
If the requester's IP is relatively fixed, you can add an IP whitelist to verify the IP.
As long as your token is not leaked, there will be no problem with this method.
A more confidential solution is to add
timestamp
. For example, all requests longer than 600 seconds will be invalid.Add app_id and app_secret, app_secret is confidential
If the requester's IP is relatively fixed, you can add an IP whitelist to verify the IP.