Last night I happened to think about how to write data interfaces in PHP, and about the security of those interfaces. I also read a lot of material and documentation written by experts, which gave me some inspiration. Looking back, the interfaces I wrote before had no security handling at all, and thinking about the consequences is a bit scary. Here I am only sharing some of my own views and ideas; if my thinking is off, I ask the experts to set me straight, since exchanging ideas is an effective way to improve technically. Enough preamble; here is a brief description of my thoughts.
PHP now has many mature frameworks. With a framework you can write one common function that can be called from anywhere inside it, and generating a token value with an algorithm of your own design is then very easy. My idea is this: most frameworks today follow the MVC structure, so compute the token as MD5("model name" + "controller name" + "method name" + "timestamp" + "key"), which gives you an MD5 value. The front end sends this token along with its data. The back end dynamically obtains the current model name, controller name, method name and time, reads the key from the database, and computes the MD5 to generate its own token. The two token values are then compared: if they are equal, the interface request succeeds and the back end processes it; if the comparison fails, and the number of failures exceeds 5, that IP cannot call the interface for half an hour or one hour.

On the mobile side, you can simply tell your mobile colleague how the interface algorithm is implemented and have them send the request parameters to you following this routine, and you then process them. Even if someone really does capture the packets, all they capture is some parameters and the token.
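The check described above, sketched as an added example that is not code from the original post. The function names, the in-memory failure store, the assumption that the client sends its timestamp with the request, and the 300-second freshness window are all assumptions; the MD5 formula, the limit of 5 failures and the half-hour block come from the text.

```php
<?php
// Added example. Names, storage and the freshness window are assumptions.
const MAX_FAILURES = 5;        // from the text: block after more than 5 failures
const LOCKOUT_SECONDS = 1800;  // from the text: half an hour
const MAX_SKEW_SECONDS = 300;  // assumption: the text gives no freshness window

// Token as the text defines it: MD5(model + controller + method + timestamp + key).
function make_token(string $model, string $controller, string $method, int $ts, string $key): string
{
    return md5($model . $controller . $method . $ts . $key);
}

// $state maps IP => ['fails' => int, 'until' => int]; a real service needs a shared store.
function check_request(array &$state, string $ip, array $route, int $ts, string $token, string $key, int $now): string
{
    $entry = $state[$ip] ?? ['fails' => 0, 'until' => 0];
    if ($now < $entry['until']) {
        return 'blocked';               // still inside the lockout period
    }
    $expected = make_token($route[0], $route[1], $route[2], $ts, $key);
    // hash_equals() compares in constant time; the skew check bounds how long
    // a token taken from captured traffic stays usable.
    $fresh = abs($now - $ts) <= MAX_SKEW_SECONDS;
    if ($fresh && hash_equals($expected, $token)) {
        unset($state[$ip]);             // success clears the failure count
        return 'ok';
    }
    $entry['fails']++;
    if ($entry['fails'] > MAX_FAILURES) {
        $entry = ['fails' => 0, 'until' => $now + LOCKOUT_SECONDS];
    }
    $state[$ip] = $entry;
    return 'rejected';
}

// Constructed sample data: key, route, IP and clock are made up for the demo.
$key = 'sample-key-from-database';
$route = ['User', 'Profile', 'update'];
$now = 1700000000;
$state = [];
$good = make_token('User', 'Profile', 'update', $now, $key);

echo check_request($state, '203.0.113.7', $route, $now, $good, $key, $now), "\n";
for ($i = 0; $i < 6; $i++) {            // six bad tokens in a row trigger the block
    echo check_request($state, '203.0.113.7', $route, $now, 'bad', $key, $now + $i), "\n";
}
// A valid token from the same IP is refused while the block is active.
echo check_request($state, '203.0.113.7', $route, $now, $good, $key, $now + 10), "\n";
```

The example keeps the MD5 formula from the text so both sides stay compatible with it; for a new design, `hash_hmac('sha256', ...)` over delimiter-separated fields is the usual keyed construction.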
Some insights on PHP interfaces