(1) We can solve this problem by passing a timestamp with each request. In the service layer, compare the timestamp passed by the interface with the current time and reject requests outside the validity period, for example a validity period of 60 s.
(2) Encrypt the timestamp to prevent attackers from forging it.
2. Interface data has been tampered with.
(1) Use a signature mechanism: compute a signature over the uploaded interface parameter data. The server uses the same algorithm to verify the signature, ensuring the data is consistent.
(2) The signature algorithm is: sign = MD5(MD5(a=1120) + MD5(b=1144)), where a and b are the specific uploaded data.
3. Sensitive interface data is stolen.
Encrypt uploaded sensitive data, such as passwords. Make the encryption algorithm as complex as possible; the back end can also apply a salt to further improve the level of protection.
Finally, we can use the HTTPS protocol directly to enhance the security of the API.
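An added example (not from the original page) of the server-side check for items 1 and 2: it rejects requests outside the 60 s validity period and verifies a signature that covers both the parameters and the timestamp. It uses HMAC-SHA256 with a shared secret in place of the page's MD5 formula, which appears as `page_sign` for comparison; the function names, the secret, the JSON canonical form and the sample values are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 60                  # validity period from the text
SECRET = b"constructed-demo-secret"   # assumption: key shared out of band

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def page_sign(params):
    """The text's formula: MD5 of the concatenated per-field MD5 digests.
    Assumption: each field is hashed as 'name=value', fields sorted by name.
    There is no key, so anyone who changes a field can recompute the value."""
    return _md5("".join(_md5(f"{k}={v}") for k, v in sorted(params.items())))

def keyed_sign(params, ts, secret=SECRET):
    """HMAC-SHA256 over a canonical JSON encoding of parameters and timestamp."""
    msg = json.dumps({"params": params, "ts": ts},
                     sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def verify(params, ts, sign, now=None, secret=SECRET):
    """Return 'ok', 'expired' or 'bad-signature' for one request."""
    now = time.time() if now is None else now
    expected = keyed_sign(params, ts, secret).encode()
    # Check the signature first so an altered timestamp is never trusted.
    if not hmac.compare_digest(expected, str(sign).encode()):
        return "bad-signature"
    if not isinstance(ts, int) or abs(now - ts) > MAX_AGE_SECONDS:
        return "expired"
    return "ok"

if __name__ == "__main__":
    sent_at = 1_700_000_000                    # constructed sample values
    req = {"a": "1120", "b": "1144"}
    sig = keyed_sign(req, sent_at)
    print(verify(req, sent_at, sig, now=sent_at + 10))                   # ok
    print(verify(req, sent_at, sig, now=sent_at + 61))                   # expired
    print(verify({**req, "b": "9999"}, sent_at, sig, now=sent_at + 10))  # bad-signature
    print(verify(req, sent_at + 61, sig, now=sent_at + 61))              # bad-signature
```

Within the 60 s window an identical request still verifies; rejecting repeats inside the window needs a per-request nonce store, which this example does not implement.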