It is natural to assume that because the request message is encrypted, there is no security problem. But it's not that simple.
How can this situation be avoided? The most direct way is to strengthen key management so that keys do not leak. There are many methods. For example, each message can use a different symmetric key, so that every message has its own key (one message, one key). An ECC (elliptic-curve) algorithm is used to perform the key exchange between client and server, which avoids transmitting keys over the network. Of course, another way is to sign the message.
With a private-key signature, an attacker cannot easily modify the signature. Unless he obtains the private key, nothing will help him. If the attacker tampers with the message and then signs it with his own private key, the server verifies the signature with the user's public key after receiving the message, and the verification fails. This can ensure the security and integrity of the user's request message.
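The signature check described above, as an added example that is not code from the original article. It assumes Ed25519 as the signature scheme (the article does not name one), and the names `Request`, `SignRequest`, `ServerAccepts`, `Scenario` and the sample request bodies are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Request is a constructed wire format: the body plus a detached signature.
type Request struct {
	Body []byte
	Sig  []byte
}

// SignRequest is the client side: sign the body with a private key.
func SignRequest(priv ed25519.PrivateKey, body []byte) Request {
	return Request{Body: body, Sig: ed25519.Sign(priv, body)}
}

// ServerAccepts verifies with the public key the server already holds for
// the user, never with a key that arrives alongside the request.
func ServerAccepts(userPub ed25519.PublicKey, r Request) bool {
	return ed25519.Verify(userPub, r.Body, r.Sig)
}

// Scenario returns the server's verdict for the three cases in the text.
func Scenario() (genuine, tampered, resigned bool) {
	userPub, userPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample bodies: the original and a tampered copy.
	orig := SignRequest(userPriv, []byte(`{"to":"alice","amount":100}`))
	forged := []byte(`{"to":"mallory","amount":100}`)
	genuine = ServerAccepts(userPub, orig)
	tampered = ServerAccepts(userPub, Request{Body: forged, Sig: orig.Sig})
	resigned = ServerAccepts(userPub, SignRequest(attackerPriv, forged))
	return
}

func main() {
	g, t, r := Scenario()
	fmt.Println("genuine:", g, "tampered:", t, "re-signed by attacker:", r)
}
```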