Security validation Issues

Security issues

When an app submits an HTTP request to a full-media system, several URL parameters must be attached as a verification basis.

The full media system authenticates when the request is received and rejects a request that does not pass the absolute authentication.

Parameters

Timestamp time stamp shape: 1407812629434 Note: Get method –date () in Java. getTime ()

Signature signature signature is calculated by APPID, Appsecret, timestamp

Algorithm
The app should fill in the signature parameter as a 16-string expression of the SHA1 hash value

[Math processing Error]
Examples in Python language:

>>> from Hashlib Import SHA1
>>> AppID = B ' 1001 '
>>> Appsecret = B ' 123456abcdef '
>>> timestamp = B ' 1407812629434 '
>>> signature = SHA1 (AppID + Appsecret + timestamp). Hexdigest ()
>>> Print (signature)
B1d11d44bcb28caa6ce4dc1b7f1526ede00f49e0
At this point, the URL is as follows:

Http://api/v1.0/1001/staffService/message?timestamp=1407812629434&signature= B1d11d44bcb28caa6ce4dc1b7f1526ede00f49e0
Security verification for apps
The full media system sends an HTTP request to the app, and it also comes with validation data in the parameters section of the URL. The app can be validated against these parameters.

Parameters

Timestamp time stamp shape: 1407812629434

Signature Signature signature is calculated by APPID, Accesstoken, timestamp

Algorithm
The full media system fills the signature parameter with a 16-string expression of the SHA1 hash value

[Math processing Error]
Examples in Python language:

>>> from Hashlib Import SHA1
>>> AppID = B ' 1001 '
>>> Accesstoken = B ' [email protected]%#^[email protected] '
>>> timestamp = B ' 1407812629434 '
>>> signature = SHA1 (AppID + Accesstoken + timestamp). Hexdigest ()
>>> Print (signature)
04326e341d0ba7064975a9c03a75361f856d3341
At this point, the URL is as follows:

Http://apphost/staffService/message?timestamp=1407812629434&signature= 04326e341d0ba7064975a9c03a75361f856d3341

Security validation Issues