HTML interaction with PHP using Ajax (RESTful API)

Source: Internet
Author: User
Tags: csrf attack
Because mobile and PC APIs are shared, I want to do this: HTML interacts with PHP using Ajax (RESTful API).
1. How to ensure security?
2. What should I pay attention to?
3. How can we prevent other users from sending fake requests?

Or, what are the advantages and disadvantages of MVC?

Reply content:

1. Security
Web security is universal and has nothing to do with your particular solution.
For example, input validation: normally validation is done in two steps (browser, server). Since an API-style design can be requested directly, the server must strictly validate the incoming data.
For example, access permissions: although the API is directly exposed, you can require an additional parameter as access control. Where this parameter comes from and how it is used is up to you.

2. What should I pay attention to?
This question is really too broad.

3. Fake requests
In fact, this can be included in question 1.
If a key value is passed as the additional parameter, you can limit the number of times the key may be used within a certain period of time. This is just a simple way of handling it.
However, this method does not help in the case of a suspected CSRF attack.

In fact, for any web application you can capture the packets, analyze them, treat the result as a "pseudo API" (not a formal term), and then request it directly for results. This is basically how crawlers work.
The points to pay attention to are (actually the answer to question 2):
1. Security
Security policies for system permissions and similar issues
Defense against attacks
2. Crawlers
Anti-crawler techniques.

Security: if your data is fairly sensitive, use HTTPS.
Anti-bot: multiple IP addresses on the server side. The client can use JS to encrypt strings. It can still be hammered (and it will be cracked; so can Google's passport, although its JS algorithm is hard).
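As an added example (not code from the original answers), here is a minimal PHP endpoint that combines the three points raised above: a per-session token the Ajax client must send back in an `X-CSRF-Token` header (the "additional required parameter"), a limit on the number of calls per key within a time window, and strict server-side validation of the body. The header name, session keys, limit values and the `item_id` field are assumptions for illustration.

```php
<?php
// Added example (not from the original answer): CSRF token check, per-key
// rate limit and strict server-side validation for one Ajax/RESTful endpoint.
// Header name, session keys and limits are assumptions for illustration.
declare(strict_types=1);
session_start();
// Token issued once per session; the HTML page embeds it and the Ajax client
// sends it back in an X-CSRF-Token header, which a cross-site form cannot do.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
function csrf_token_valid(array $session, array $server): bool
{
    $sent = $server['HTTP_X_CSRF_TOKEN'] ?? '';
    // hash_equals() compares in constant time; an empty token never matches.
    return $sent !== '' && isset($session['csrf_token'])
        && hash_equals($session['csrf_token'], $sent);
}
// At most $limit calls per $key within $window seconds (session-backed
// counter; use shared storage such as Redis when several servers share an API).
function rate_limited(array &$session, string $key, int $limit, int $window, int $now): bool
{
    $bucket = $session['rate'][$key] ?? null;
    if ($bucket === null || $now - $bucket['start'] >= $window) {
        $bucket = ['start' => $now, 'count' => 0];
    }
    $bucket['count']++;
    $session['rate'][$key] = $bucket;
    return $bucket['count'] > $limit;
}
// Validate the body on the server no matter what the browser already checked.
function validate_body(string $raw): ?array
{
    $data = json_decode($raw, true);
    $id = $data['item_id'] ?? null;
    return (is_array($data) && is_int($id) && $id > 0) ? ['item_id' => $id] : null;
}
header('Content-Type: application/json');
if (!csrf_token_valid($_SESSION, $_SERVER)) {
    http_response_code(403); exit(json_encode(['error' => 'invalid CSRF token']));
}
if (rate_limited($_SESSION, session_id(), 60, 60, time())) {
    http_response_code(429); exit(json_encode(['error' => 'too many requests']));
}
$body = validate_body((string) file_get_contents('php://input'));
if ($body === null) {
    http_response_code(400); exit(json_encode(['error' => 'invalid input']));
}
echo json_encode(['ok' => true, 'item_id' => $body['item_id']]);
```

The session id serves as the rate-limit key here; an API key passed as the extra parameter could be used the same way, and the token check is what stops a forged request from another origin even when the cookie is sent automatically.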
