Shulou(Shulou.com)05/31 Report--

In this article, the editor introduces in detail "what are the mechanisms of php interface security". The content is detailed, the steps are clear, and the details are handled properly. I hope this article "what are the mechanisms of php interface security" can help you solve your doubts.

1. Token authorization mechanism, after the user logs in with a user name and password, the server returns the Token to the client.

2. Timeout mechanism. Users will bring the current timestamp timestamp with each request.

After the server receives the timestamp, compared with the current time, if the time difference is greater than a certain time (for example, 5 minutes), the request is considered invalid. Timestamp timeout mechanism is an effective means to defend against DOS attacks.

3. Signature mechanism.

Add other request parameters to the Token and timestamp, and then encrypt them with the MD5 or SHA-1 algorithm.

Example

/ * * @ desc accepts parameter processing * / private function dealParam () {/ / accepts header parameter-system parameter $systemParam=getAllHeadersParam (); / / accepts body data-business parameter (json format) $data=file_get_contents ('php://input'); / / reads private key information in configuration file $api_apiKey=C (' api_apiKey'); $privatekey=$api_apiKey [$systemParam ['token']] $arr ['token'] = $systemParam [' token']; / / identity assigned by the server (different clients need to use different identities) $arr ['timestamp'] = $systemParam [' timestamp']; / / timestamp, UTC time, subject to Beijing time Zone 8 (+ 8) $arr ['version'] = $systemParam [' version']; / / version number $arr ['sign'] = $systemParam [' sign'] / / sign $arr ['source'] = $systemParam [' source']; / / Source (0-Android / 1-IOS/2-H5/3-PC/4-php/5-java) $arr ['data'] = json_decode ($data,true); / / Business parameter json format $arr [' method'] = $data ['method']; / / access interface, format: model name. Method name return $arr;} read here, this article "what are the mechanisms of php interface security" has been introduced, and you still need to practice and use the knowledge points of this article before you can understand it. If you want to know more about related articles, welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.