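<?php
// Secret token string
$token = '249238jdush24hgdddf/sds_assd_&ssa23_sd';
// Business parameters, public
$str = 'name=zhangsan&id=23';
// Secret signing algorithm
$sign = md5($str.$token);

I'd like to ask everyone: my API signature is built like this, so is the sign likely to be cracked? Are there other, better API security verification schemes?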
As long as your token is not leaked, there will be no problem with this method. A more confidential solution is to add a timestamp. For example, all requests longer than 600 seconds will be invalid.
Add app_id and app_secret; app_secret is confidential.
If the requester's IP is relatively fixed, you can add an IP whitelist to verify the IP.
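The suggestions in the answer above (timestamp with a 600-second window, app_id plus a confidential app_secret), put together as an added example that is not code from the thread. The function names, the sample app_id and secret, and the sorted-parameter canonical form are assumptions, and it uses HMAC-SHA256 with a constant-time comparison in place of the question's md5($str.$token), a substitution nobody in the thread proposed.

```php
<?php
// Added example: every name and credential below is constructed for illustration.
const MAX_AGE = 600; // seconds; the validity window suggested in the answer

// Constructed server-side store: app_id => app_secret (the secret is never sent).
$apps = ['demo-app' => 'constructed-secret-for-illustration'];

// Canonical string: all parameters except 'sign', sorted by key, so that
// client and server hash exactly the same bytes.
function canonical(array $params): string {
    unset($params['sign']);
    ksort($params);
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Client side: attach app_id and timestamp, then sign everything that is sent.
function sign_request(array $params, string $appId, string $secret, int $now): array {
    $params['app_id'] = $appId;
    $params['timestamp'] = $now;
    $params['sign'] = hash_hmac('sha256', canonical($params), $secret);
    return $params;
}

// Server side: returns 'ok' or the reason the request is rejected.
function verify_request(array $params, array $apps, int $now): string {
    foreach (['app_id', 'timestamp', 'sign'] as $k) {
        if (!isset($params[$k]) || !is_scalar($params[$k])) return "missing $k";
    }
    $secret = $apps[(string)$params['app_id']] ?? null;
    if ($secret === null) return 'unknown app_id';
    // Reject anything outside the window (too old, or dated in the future).
    if (abs($now - (int)$params['timestamp']) > MAX_AGE) return 'expired';
    $expected = hash_hmac('sha256', canonical($params), $secret);
    // hash_equals compares in constant time, unlike == or ===.
    return hash_equals($expected, (string)$params['sign']) ? 'ok' : 'bad signature';
}

$now = time();
$req = sign_request(['name' => 'zhangsan', 'id' => 23], 'demo-app', $apps['demo-app'], $now);

$tampered = $req;
$tampered['id'] = 24; // parameter changed after signing

echo 'fresh request:    ', verify_request($req, $apps, $now), "\n";
echo 'tampered request: ', verify_request($tampered, $apps, $now), "\n";
echo 'after 601 s:      ', verify_request($req, $apps, $now + 601), "\n";
```

The timestamp check only bounds how long a captured request stays valid; within the 600-second window the same signed request is still accepted.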