First of all I do is a Spring Boot integrated Java project, the project is doing a unit test tool often used when postman used for some of your module development after function test, but this will be a problem, whether the GET or POST request, will be your URL and your pages will be the parameter name and parameter values exposed, wait until the production will be very easy to let the information exposed, excuse me is there any way to hide out the parameters of these requests? Or add a judging how to verify the user is in the normal click login on the web, rather than through test tool to simulate the request to send?







The great spirit guide, please, I need what technology can solve this problem, give me a direction or a few good post

CodePudding user response:

First of all, it is impossible to hide the request parameters, unless you don't have parameter,
Of course parameters can be varied in form, such as http://xxx/controller/action/parameters 1/2/

As to judge whether the page click, speak a simple idea:
Enter the page, the server generates a single token, the page presentation, bring a token,
, issued by the server-side validation whether I was passed, and invalidate the token
, of course, the user can also request token by default, and take it, you can start your IP access frequency or to restrict user access to frequency,
Without what good method can prevent others analysis and just grab handle,

CodePudding user response:

Then, as some companies do this aspect of the security measures? Take for example the send and parameter passing this request

CodePudding user response:

Auth token, look at 2.0.

CodePudding user response:

Do not have what good idea, don't want to request content was intercepted by a third party, then use the HTTPS

Front all things can be simulated, all of your action just increase of the simulation work, and simulate the request and don't have much problem, be violent attacks, at the most, you can do it according to the IP access denied, but the premise is the value of your products have enough to let others do the things

CodePudding user response:

Well well, know, for my present this project is basically does not exist the possibility of being cracked access, but for my personal development, I wish you a great god refers to a learning path for me at the same time, to improve their ability,

CodePudding user response:

Learn from the bosses

CodePudding user response:

CodePudding user response:

Excuse me is there any way to hide out the parameters of these requests?
You don't have to worry about this problem for you, you can see your data, so there is no leak, if used in the process of transmission is HTTPS to transmit content encryption, don't worry about being intercepted
Or add a judging how to verify the user is in the normal click login on the web, rather than through test tool to simulate the request to send?
This problem you need to increase authentication backend, in the process of the request with a token, no token request