now we get the data directly according to the id request API
but in this way, anyone who knows the user"s ID can get the data.
how to strengthen security?
now we get the data directly according to the id request API
but in this way, anyone who knows the user"s ID can get the data.
how to strengthen security?
can be done in the form of token. For more information, please see the authorization mechanism of Wechat's official account.
key question:
1. Is ID traversable?
2. Is there an anti-crawling policy when crawling in batches?
solution:
1. UserId is a random hash string as far as possible, rather than a traverable string (such as self-increasing id)
2. To do a good job of current restriction, anti-brushing and anti-crawling, there are many schemes in strategy and implementation, which can be learned by yourself.
in addition, sites such as github.com can also obtain user information, but it does not cause large-scale disclosure of user privacy. Defense measures can be studied through attacks.
spring cloud has components), that is, when the service request is too high, edge services are temporarily shielded in order to ensure the core business. Of course, parameter checking and caching are also necessary. That's about all. oAuth 2.0 , to put it simply, users return token when logging in, and token must be verified when accessing the API. Specifically, take a good look at the development document of Wechat's official account, that is, oauth2.0
ase encryption algorithm. Encrypt and protect the transmitted data
the general solution is to use token for authentication
this kind of problem. Depends on what information you get.
right.
Private information is available only to the owner. Like a cell phone number. Dude, you have a crush on that anchor. I'll call you and you can contact me yourself.
take whatever you want with non-private information. Like nicknames. It's worth nothing. Right. Real names might be useful.
The horizontal coordinates of echarts are not specifically marked, and the X coordinates do not have a grid to indicate. Here is a figure that specifies . js * * createChartSix() { this.$http .get(this.$api.dataChart) .then(rsp => { ...
sincerely ask for advice: < hr > I want to use node as the background to build a video streaming server. The front end is similar to Youku VOD. It can record the playback node function, and load the progress bar at any point (starting from the c...
I need to implement in a chained promise function, any function error in the middle terminates the program, and can catch the error function, and then perform different operations according to different error functions. How can the following code be imp...
I would like to ask what is wrong with this code. Thank you for your answers. ...
is doing a question on Niuke.com. I encounter a problem: to achieve the function callIt, after the call meets the following conditions 1, the returned result is the result after calling fn 2, and the call parameter of fn is all the parameters after th...
A timing examination system is triggered if the click event is triggered within 5 seconds, and if it is not triggered, the system marks the correct answer at the end of the countdown. How to implement ...
description: a regular match is given to the content of an input box, and the matching content is the product activation code. looks like this: "0C31-0B81-BB32-3094-0C31-0B81-BB32-3094 " Code: $( -sharplicenseCode ).keyup(function () { le...
1. The custom event triggers the click event of .cpcstartrefresh, but triggers 2 click events each time 2. The code is as follows: window.onmessage = function (e) { create an event object, var myEvent = document.createEvent( Event ); m...
I configured the MIME type of the file with the amr suffix in the apache configuration as application ms-download, Why it is a garbled page when opening a file in amr format using window.open in chrome, while a file in amr format can be successfully dow...
I got a set of data, which is to choose the type of question. How can I tell if I have chosen the right one answera: "Olympic Games " answerb: "Asian Games " answerc: "Paralympic Games " answerd: "University Games " id: "1772 " question: "f...
read a number, such as 521 change this number to 0521 but put it into four div separately, how to realize it? 0 < div > 5 < div > 2 < div > 1 < div > ...
react projects cannot save store? using redux, data index.js ReactDOM.render( <Provider store={store}> <Router > < Provider>, document.getElementById( root )) registerServiceWorker() actions export const SET_USER = ...
how to find all the NA characters in a HMLT page and replace it with "and invalid " with native JS ...
...
suppose there are only a.js and b.js (only two js and nothing else) b.js export A variable is used for a.js can you directly use import and export without using packaging and compilation tools such as webpack or babel can it be achieved with the h...
do the gods have plug-ins for uploading attachments in the mobile version that can also be uploaded more than one? ...
what does the code circled in the following picture mean? ...
I look at a html ui project with items such as: var apiserver = window[ apiserver ]; url = apiserver + "filterUrlController getUrlData"; I searched the whole project and couldn t find the value of window [ apiserver ]. How do you un...
In the vue-cli project, I directly introduced the particls library into index.html, and the related files are placed in the static directory . <div id="particles-js">< div> <script type="text javascript" src="s...
How does the code return only the result after the last asynchronous operation in the for loop is completed as shown in the figure? Please stop by and give me a hand. ...