In the previous chapter we generated and verified a basic sign. A sign on its own, however, does not meet our needs: if an attacker captures the request data, he can replay it and modify the header or body. How can we address this through the sign check? This chapter explains it in detail.
The first thing to consider when thinking about this problem is the timeliness of the sign: if a sign is only valid for ten seconds, then even a captured request can no longer be used at the twelfth second. With this idea in mind, we should add a time parameter before generating the sign. How exactly do we add it?
We first create a Time class to generate the time value we need for the sign.
<?php
/**
 * Created by PhpStorm.
 * User: Administrator
 * Date: 2019/8/16
 * Time: 10:20
 */
namespace App\Common\lib;

/**
 * Generates a 13-digit timestamp string (seconds concatenated with milliseconds)
 * class Time
 * @package App\Common\lib
 */
class Time
{
    public static function get13TimeStamp()
    {
        // microtime() returns "0.<microseconds> <seconds>"
        list($t1, $t2) = explode(' ', microtime());
        // Append the millisecond part (*1000) to make the value more unique and avoid duplicates;
        // zero-padding keeps the result at exactly 13 digits
        return $t2 . sprintf('%03d', (int) floor($t1 * 1000));
    }
}
After creating the time class, we add a time parameter to the data when generating the sign:
'time' => Time::get13TimeStamp(),
Then generate the sign:
IAuth::setSign($data)
The sign we get back is now generated over the parameters including time.
Next we verify this sign.
We need to change our checkSignPass method so that the time parameter takes part in the check.
Add a new check:
## Divide by 1000 to undo the uniqueness multiplication and get back to seconds
if ((time() - ceil($arr['time'] / 1000)) > config('app.app_sign_time')) {
    return false;
}
Here config('app.app_sign_time') is the value from my configuration file:
return [
    'AESKey' => 'asdasd4wq5646', # AES key; server and client must use the same value
    'method' => 'AES-128-ECB',
    'iv' => '', # ECB mode uses no IV, so it is left empty
    'options' => '0',
    'app_types' => [
        'ios',
        'android',
    ],
    'app_sign_time' => 60, # seconds a sign remains valid
];
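The whole flow in one runnable file, as an added example rather than the post's own IAuth code: the signing scheme (HMAC-SHA256 over the sorted parameters with a shared key named SIGN_KEY) is an assumption, since the post does not show how IAuth::setSign builds its sign, and the freshness check uses abs() so that a future-dated timestamp is rejected as well as a stale one.

```php
<?php
// Added example, not the post's own IAuth code: a timestamped request
// signature with a freshness window. HMAC-SHA256 over the sorted parameters
// with a shared key is an assumed signing scheme; SIGN_KEY is a placeholder.

const SIGN_KEY = 'shared-secret-placeholder'; // assumed; not from the post
const APP_SIGN_TIME = 60;                     // seconds, as in the post's config

// 13-digit millisecond timestamp, padded so the last three digits are
// always the milliseconds (ceil() alone can yield 12 or 14 digits).
function get13TimeStamp(): string
{
    list($usec, $sec) = explode(' ', microtime());
    return $sec . sprintf('%03d', (int) floor($usec * 1000));
}

// Sign every parameter except 'sign' itself, with the timestamp included,
// so 'time' cannot be changed without invalidating the signature.
function setSign(array $data): string
{
    unset($data['sign']);
    ksort($data);
    return hash_hmac('sha256', http_build_query($data), SIGN_KEY);
}

// Check freshness first, then compare the signature in constant time.
// abs() also rejects timestamps that lie in the future.
function checkSignPass(array $arr, ?int $now = null): bool
{
    if (!isset($arr['time'], $arr['sign']) || !ctype_digit((string) $arr['time'])) {
        return false;
    }
    $now = $now ?? time();
    $sentSec = intdiv((int) $arr['time'], 1000);
    if (abs($now - $sentSec) > APP_SIGN_TIME) {
        return false; // outside the app_sign_time window
    }
    return hash_equals(setSign($arr), (string) $arr['sign']);
}

// Usage: the client builds a request, the server checks it under three conditions.
$req = ['uid' => 42, 'time' => get13TimeStamp()];
$req['sign'] = setSign($req);
var_dump(checkSignPass($req));                // fresh, untampered request
var_dump(checkSignPass($req, time() + 90));   // same request replayed 90 s later
$req['uid'] = 43;
var_dump(checkSignPass($req));                // parameter changed after signing
```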
With this we have successfully added time to the sign. But this alone still cannot guarantee the security of our data: what we need is a sign with a higher security level, namely uniqueness. How to continue from here is the subject of the next chapter on sign uniqueness.