How can an interface written for Android to call guarantee installation and prevent attacks?
For an interface written for Android to call, how do I ensure installation and prevent attacks? Some said to use OAuth 2.0. I looked up information about OAuth 2.0 but do not understand how to use it, so I am asking you for guidance.
------Solution idea----------------------
It depends on whether this is your own internal interface or an external interface. Generally you need to have a signature at the least, and sensitive data can be encrypted. For protecting the server's network against attack, you can add measures such as a per-minute request limit, IP management, and account management.
So far, at least, I haven't run into attacks on an interface; maybe the amount of attacks is too small to attract attention.
------Solution idea----------------------
Encrypt, decrypt.
Encrypt the passed parameters (token), then decrypt them on the server side.
require 'aes.class.php';
require 'aesctr.class.php';

$key = 'abcdef'; // secret key
$param = array(
    'name' => 'fdipzone',
    'password' => '123456',
    'time' => time()
);
$token = AesCtr::encrypt(json_encode($param), $key, 256); // encryption

// After the server receives the token
$data = json_decode(AesCtr::decrypt($token, $key, 256), true); // decrypt with the same key and key size
For aes.class.php and aesctr.class.php, see: http://blog.csdn.net/fdipzone/article/details/8178982
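
The signature and per-minute request limit suggested in the first reply, together with the time field carried in the second reply's token, could be checked on the server as follows. This is an added example, not code from the thread; the HMAC-SHA256 scheme, the shared secret, the `sign` field name and the limits are assumptions.

```php
<?php
// Added example: secret, limits and the "sign" field name are assumptions.
const SHARED_SECRET = 'constructed-demo-secret';
const MAX_SKEW = 300;       // accept timestamps within +/- 5 minutes
const MAX_PER_MINUTE = 60;  // per-IP request budget per minute

// Canonical form: sort keys so client and server sign identical bytes.
function sign_params(array $params, string $secret): string {
    unset($params['sign']);
    ksort($params);
    return hash_hmac('sha256', http_build_query($params), $secret);
}

// Returns null when the request is acceptable, otherwise a rejection reason.
function check_request(array $params, string $ip, array &$counters, int $now): ?string {
    // 1. Fixed-window rate limit keyed by IP and minute.
    $window = $ip . ':' . intdiv($now, 60);
    $counters[$window] = ($counters[$window] ?? 0) + 1;
    if ($counters[$window] > MAX_PER_MINUTE) {
        return 'rate limit exceeded';
    }
    // 2. Both fields must be present; hash_equals() needs a string.
    if (!isset($params['time'], $params['sign']) || !is_string($params['sign'])) {
        return 'missing time or sign';
    }
    // 3. Freshness: reject requests whose timestamp is outside the window.
    if (abs($now - (int)$params['time']) > MAX_SKEW) {
        return 'stale timestamp';
    }
    // 4. Recompute the signature and compare in constant time.
    if (!hash_equals(sign_params($params, SHARED_SECRET), $params['sign'])) {
        return 'bad signature';
    }
    return null;
}

// Constructed sample request, built the way the Android client would build it.
$now = time();
$req = ['name' => 'fdipzone', 'action' => 'profile', 'time' => $now];
$req['sign'] = sign_params($req, SHARED_SECRET);
$counters = [];
var_dump(check_request($req, '203.0.113.7', $counters, $now));      // untouched request
$tampered = ['name' => 'admin'] + $req;                             // field changed, old sign kept
var_dump(check_request($tampered, '203.0.113.7', $counters, $now));
$old = $req;                                                        // correctly signed but an hour old
$old['time'] = $now - 3600; $old['sign'] = sign_params($old, SHARED_SECRET);
var_dump(check_request($old, '203.0.113.7', $counters, $now));
```

The in-memory counter lasts only for one PHP process, so a deployment would keep it in a shared store. The timestamp window alone still accepts a repeated request inside those five minutes unless used signatures or nonces are also tracked.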