Php write interface security verification do not understand?

when using php to write an interface, you have to use security verification. I don"t know why I"m a little confused when I think about it recently.
for example, there is an interface address http://test.com/user/list?uid.
. The three parameters above are the id), token values of the: uid (user. Sign (this value is calculated according to the first two parameters under the specified algorithm)
is given to the server, and then the server calculates the sign, according to the same rule to verify whether the passed sign is consistent

.

if the url above is normal, you can get the data. If the url is known by others at this time, and you can see the data as long as you run it in the browser, what is the use of security verification at this time?

Php
Mar.16,2021

whether it is encrypted transmission or plaintext transmission, the browser will become plaintext data after parsing, which is certainly inevitable.

if you want to talk about the role of security verification, you need to explain Token. Token means tokens, passports, and users can perform corresponding operations only after they have obtained token. Without token, is it not possible to forge user requests and operate wantonly?

the security verification of the general interface has a public key and a private key. Only the public key is transmitted and then the token or signature is generated by finding the private key, instead of all the parameters are transmitted openly as now. And the API verifies whether the request identity is correct, not a correct identity request must be in the right place to get the correct answer

  1. you can pass the current timestamp as a parameter, and the interface side determines whether it exceeds the predetermined time when judging the validity of the request. In this way, the sign generated by each interface is different from time to time.
  2. can also be accompanied by an ip check, which is processed only by interface requests sent by the specified server ip.

the landlord mentioned three parameters.
uid (user id) this is the normal parameter
token value, this is the authentication parameter = = "login uses
sign, this is the request signature parameter = =" tamper proof use

after the server receives the request.
the first thing you should do is to verify that sign is legal. If it is illegal, it is considered to be a tampered request to terminate the service.
then authenticates the token, to get the user's identity information.
finally to the business logic.

Previous: A fatal error has been detected by the Java Runtime Environment

Next: Please tell me how to add and query data in sequelize many-to-many relationship.

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3c656-2b858.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3c656-2b858.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?