怎么防止外人调用api?
小弟问个问题
如果网站的操作都是通过一个api实现的
比如
php有一个控制页面,www.control.php?action=1$addlist="adfs".....
当然是post方法,举例。
从主页ajax 调用post到这个页面
怎么防止别人通过工具提交页面到我的api,只允许我的手机app提交?
谢谢大神们指点
回复讨论(解决方案)
我们团队的做法是每台手机登陆app后会有一个session_id,简称sid,通过这个来判断是不是非法调用
我们团队的做法是每台手机登陆app后会有一个session_id,简称sid,通过这个来判断是不是非法调用
谢谢,像这种的session id是不是要存到数据库进行验证呢?
我对令牌这方面的确不了解,不明白怎么实现的
我们团队的做法是每台手机登陆app后会有一个session_id,简称sid,通过这个来判断是不是非法调用
谢谢,像这种的session id是不是要存到数据库进行验证呢?
我对令牌这方面的确不了解,不明白怎么实现的
是这样的,我们的app调用我们web这边的接口后,传上来sid值,web再通过服务器端c++去验证这个sid(sid应该是在app登陆的时候保存在内存了),如果相等就OK,不等的话就说明是非法调用。
手机内部至一个私钥,然后所有请求挂上该私钥的非对称签名,不符合签名的一概拒绝。
去下一个支付宝支付的phpsdk,看看他是如何对所有的get参数进行签名认证的,就可以了。
好高深,对于刚接触php的我是来学习的。
手机内部至一个私钥,然后所有请求挂上该私钥的非对称签名,不符合签名的一概拒绝。
谢谢各位
是不是简单来说,用户登陆时候,服务器验证登陆后,发放一个数字token给前台客户端,藏在hidden中,并对应写到session里面
每次用户提交时候,get 这个hidden里面的数值和session对应
如果相对,就说明这个用户是被认证过的说
www.control.php?action=1&addlist="adfs"
以上?的url?例:
首先???函?,用???加密和解密,那?新的url变成
加密函数:用来对指定的内容进行加密,他加密过的内容可以用解密函数反解
www.control.php?action=1&addlist="adfs"&key=加密函数("adfs")
服务器端:
分?获取到addlist和key的值,然后用解密函数解出接过来,用这个结果和addlist比?一下
我们团队的做法是每台手机登陆app后会有一个session_id,简称sid,通过这个来判断是不是非法调用
谢谢,像这种的session id是不是要存到数据库进行验证呢?
我对令牌这方面的确不了解,不明白怎么实现的
是这样的,我们的app调用我们web这边的接口后,传上来sid值,web再通过服务器端c++去验证这个sid(sid应该是在app登陆的时候保存在内存了),如果相等就OK,不等的话就说明是非法调用。
为什么不继续用php,要调用C++去验证呢?小白疑问
a..给错分了。。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
Alipay PHP SDK transfer error: How to solve the problem of 'Cannot declare class SignData'?
Apr 01, 2025 am 07:21 AM
Alipay PHP...
Explain JSON Web Tokens (JWT) and their use case in PHP APIs.
Apr 05, 2025 am 12:04 AM
JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,
Describe the SOLID principles and how they apply to PHP development.
Apr 03, 2025 am 12:04 AM
The application of SOLID principle in PHP development includes: 1. Single responsibility principle (SRP): Each class is responsible for only one function. 2. Open and close principle (OCP): Changes are achieved through extension rather than modification. 3. Lisch's Substitution Principle (LSP): Subclasses can replace base classes without affecting program accuracy. 4. Interface isolation principle (ISP): Use fine-grained interfaces to avoid dependencies and unused methods. 5. Dependency inversion principle (DIP): High and low-level modules rely on abstraction and are implemented through dependency injection.
How to automatically set permissions of unixsocket after system restart?
Mar 31, 2025 pm 11:54 PM
How to automatically set the permissions of unixsocket after the system restarts. Every time the system restarts, we need to execute the following command to modify the permissions of unixsocket: sudo...
How to debug CLI mode in PHPStorm?
Apr 01, 2025 pm 02:57 PM
How to debug CLI mode in PHPStorm? When developing with PHPStorm, sometimes we need to debug PHP in command line interface (CLI) mode...
Explain the concept of late static binding in PHP.
Mar 21, 2025 pm 01:33 PM
Article discusses late static binding (LSB) in PHP, introduced in PHP 5.3, allowing runtime resolution of static method calls for more flexible inheritance.Main issue: LSB vs. traditional polymorphism; LSB's practical applications and potential perfo
How to send a POST request containing JSON data using PHP's cURL library?
Apr 01, 2025 pm 03:12 PM
Sending JSON data using PHP's cURL library In PHP development, it is often necessary to interact with external APIs. One of the common ways is to use cURL library to send POST�...
Explain late static binding in PHP (static::).
Apr 03, 2025 am 12:04 AM
Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.
