App Interface Security Design (Java Version)
The security design is divided into two parts:
1. Transport security.
2. Session security.
1. Transport Security
How can we ensure that data sent to the interface over the network cannot be read if the packets are captured?
1. If only a symmetric algorithm is used, anyone who cracks the app and extracts the encryption key can decrypt the intercepted traffic.
2. If only an asymmetric algorithm is used, the length of the data that can be encrypted is limited.
3. Solution: use a symmetric algorithm together with an asymmetric algorithm.
2. Session Security
1. Each login produces a unique encryption key, and a validity period is set for that key. This makes it impossible for a user to spoof a session after sniffing.
2. Apart from the RSA-encrypted key, all other parameters are wrapped into a single parameter, param. The backend then splits param back into the individual parameters for the program to use, so someone sniffing the request address cannot analyze the interface's parameters. This makes the interface harder to crack.
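The scheme described above, as an added Java example (not code from the original article): a per-login symmetric key is sent RSA-encrypted as `key`, and all business parameters travel as one encrypted `param` that the server decrypts and splits. AES-GCM, RSA-OAEP, the `key` field name, the `iv.ciphertext` layout and the sample parameters are assumptions; the article names only RSA and `param`.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Base64;

public class HybridParamDemo {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"; // assumed padding
    static final String AES = "AES/GCM/NoPadding";                     // assumed symmetric cipher

    public static void main(String[] args) throws Exception {
        // Server key pair: the app ships only the public half.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();

        // --- App side: a fresh AES key for this login, wrapped with RSA ---
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        String key = Base64.getEncoder().encodeToString(rsa.doFinal(sessionKey.getEncoded()));

        // All business parameters go into one encrypted value, "param".
        String query = "userId=1001&action=transfer&amount=25"; // constructed sample
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv); // GCM needs a new IV for every message
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal(query.getBytes(StandardCharsets.UTF_8));
        String param = Base64.getEncoder().encodeToString(iv) + "." + Base64.getEncoder().encodeToString(ct);
        System.out.println("on the wire: key=" + key.substring(0, 16) + "... param=" + param);

        // --- Server side: unwrap the key, decrypt param, split into parameters ---
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        SecretKey k = new SecretKeySpec(rsa.doFinal(Base64.getDecoder().decode(key)), "AES");
        String[] parts = param.split("\\.");
        aes.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, Base64.getDecoder().decode(parts[0])));
        String plain = new String(aes.doFinal(Base64.getDecoder().decode(parts[1])), StandardCharsets.UTF_8);
        for (String pair : plain.split("&")) System.out.println(pair); // tampered param fails the GCM tag check above
    }
}
```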