API interface security development (3): giving the sign an effective time

The previous posts covered the basics of generating and verifying a sign, but a sign alone does not meet our needs: an attacker who captures the request with a packet capture tool can still modify the header and body. This post explains in detail how the sign check can deal with that.

The first problem I thought of is the timeliness of the sign. If a sign is valid for only ten seconds, then even if it is captured, it is usable only within that window. With that idea in mind, we should add a time parameter before generating the sign. How exactly do we add it?

We first create a Time class to generate the timestamp that goes into the sign:

<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2019/8/16
 * Time: 10:20
 */

namespace App\Common\lib;

/**
 * Generate a 13-digit timestamp string
 * Class Time
 * @package App\Common\lib
 */
class Time
{
    public static function get13TimeStamp() {
        // microtime() returns "msec sec", e.g. "0.12345600 1565922000"
        list($t1, $t2) = explode(' ', microtime());
        ## * 1000 adds the milliseconds, which increases uniqueness and avoids duplicates
        # floor() plus zero-padding keeps the result at exactly 13 digits
        return $t2 . sprintf('%03d', floor($t1 * 1000));
    }
}

With the Time class in place, we add a time parameter to the data when generating the sign:

'time' => Time::get13TimeStamp(),

Then generate the sign:

IAuth::setSign($data)

The sign that comes back now includes the time parameter.

Next we verify this sign.

We need to change our checkSignPass method so that it also checks the time parameter.

The new check:

        # the timestamp was multiplied by 1000 for uniqueness, so divide by 1000 here
        if ((time() - ceil($arr['time'] / 1000)) > config('app.app_sign_time')) {
            return false;
        }

Here config('app.app_sign_time') is a value I set in the configuration file:

return [
    'AESKey' => 'asdasd4wq5646',   # AES key: the server and the client must use the same value
    'Method' => 'AES-128-ECB',
    'IV' => '',
    'Options' => '0',
    'app_types' => [
        'iOS',
        'Android',
    ],
    'app_sign_time' => 60,   # validity period of a sign, in seconds
];
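
The check above only rejects a sign that is too old: a missing or malformed time, or a timestamp set in the future, makes the subtraction zero or negative and passes. The following is an added example, not code from the original post, that also handles those cases; checkSignTime(), SIGN_TTL and MAX_CLOCK_SKEW are hypothetical names, and the 5-second skew tolerance is an assumption.

```php
<?php
// Added example, not the original author's code.
const SIGN_TTL = 60;       // mirrors 'app_sign_time' => 60 from the config above
const MAX_CLOCK_SKEW = 5;  // assumed tolerance for a client clock running ahead

/**
 * Return true only if the decrypted sign data carries a fresh
 * 13-digit millisecond timestamp. $now is passed in so the check is testable.
 */
function checkSignTime(array $arr, int $now): bool
{
    $time = $arr['time'] ?? '';
    // Reject a missing or malformed value instead of letting it cast to 0
    // or to an arbitrary number.
    if (!is_scalar($time) || !preg_match('/^\d{13}$/D', (string) $time)) {
        return false;
    }
    $age = $now - intdiv((int) $time, 1000);
    // Too old: the sign has expired.
    if ($age > SIGN_TTL) {
        return false;
    }
    // Too far in the future: a negative age would otherwise never exceed
    // SIGN_TTL, so the sign would stay valid until that time is reached.
    if ($age < -MAX_CLOCK_SKEW) {
        return false;
    }
    return true;
}

// Constructed sample inputs, checked against a fixed "now" for stable output.
$now = 1565922000;
$cases = [
    'fresh'   => ['time' => '1565921990123'],  // 10 s old
    'expired' => ['time' => '1565921900000'],  // 100 s old
    'future'  => ['time' => '1565925600000'],  // 1 hour ahead
    'short'   => ['time' => '156592199012'],   // not 13 digits
    'missing' => [],                           // no time parameter at all
];
foreach ($cases as $name => $arr) {
    printf("%-8s %s\n", $name, checkSignTime($arr, $now) ? 'accept' : 'reject');
}
```

In checkSignPass the call would be checkSignTime($arr, time()), with SIGN_TTL read from config('app.app_sign_time').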

With that, we have successfully added a time to the sign, but this still cannot guarantee the security of our data. We need a sign with a higher security level (uniqueness). How do we do that? We continue in the next chapter, Netvibes sign.

Origin www.cnblogs.com/we-jack/p/11362466.html