Recently, a public account needs to send a red envelope. a QR code is required to correspond to a red envelope and receive it by scanning the QR code. what is the problem about preventing red envelopes from being brushed?

Source: Internet
Author: User
Requirement: The program prepares several QR codes for the public account. The total amount is RMB. scan the QR codes to receive the QR codes. each QR code must receive a red envelope. you cannot receive the QR codes again after receiving the QR codes, this is different from the normal scanning code to send a red envelope advertisement. there is only one QR code, and anyone can scan and spread it. the problem persists until the mail is sent: there may be a url based... requirement: The program prepares several QR codes for the public account. The total amount is RMB. scan the QR codes to receive the QR codes. each QR code must receive a red envelope. you cannot receive the QR codes again after receiving the QR codes, this is different from the ordinary scanning code to send a red envelope advertisement. there is only one QR code, and anyone can scan and spread it until it is published.
Problem: there may be questions about how to guess other red envelope links based on the url. there is no QR code (here the QR code should be used to control who the red envelope will be sent and not who it will be sent.
The following methods have been created:
Write an encryption method and encrypt it with a timestamp, a random number, and a predefined token (or code). The link to the QR code also carries a random number with a timestamp, and a token, after scanning the QR code, verify the validity of the parameter encryption and the stored encrypted string. This may prevent the url owner from receiving the red packet.

Do you have any good ideas?

Reply content:

Requirement: The program prepares several QR codes for the public account. The total amount is RMB. scan the QR codes to receive the QR codes. each QR code must receive a red envelope. you cannot receive the QR codes again after receiving the QR codes, this is different from the ordinary scanning code to send a red envelope advertisement. there is only one QR code, and anyone can scan and spread it until it is published.
Problem: there may be questions about how to guess other red envelope links based on the url. there is no QR code (here the QR code should be used to control who the red envelope will be sent and not who it will be sent.
The following methods have been created:
Write an encryption method and encrypt it with a timestamp, a random number, and a predefined token (or code). The link to the QR code also carries a random number with a timestamp, and a token, after scanning the QR code, verify the validity of the parameter encryption and the stored encrypted string. This may prevent the url owner from receiving the red packet.

Do you have any good ideas?

1. how do you obtain the QR code first? This is important. You absolutely need a mechanism to control the user's access to the QR code. this is the key !!

2. for the uniqueness of the QR code url, you can write an asymmetric encryption algorithm and put the encrypted string in the url. each request is sent and checked by an algorithm.

3. you can add browser features to determine what? Browser judgment ?? This means that the target attacker will always scan your page directly. after scanning, there will be no other features in the browser, loading page resources, such as img, script, css ..., a lot. you can decide how to judge it.

4. do not trust openid, ip address, or mobile phone number.

5. if you implement the above Strictly, you can eliminate 80% million customers.

6. there is a anti-brush mechanism in itself, and you can rest assured.

7. More importantly, there is still a live stream.

8 ,...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.