如何防止漫游器使用REST API调用从移动应用程序注册新用户?
[英]How to prevent bots using REST API calls to register new users from an mobile app?
问题描述
I want to write a backend application with REST API in django-tastypie for mobile apps. 
我想在django-tastypie中为移动应用程序编写带有REST API的后端应用程序。
If i am sending POST data (user-object) to eg http://localhost:8000/api/v1/register/ from within my mobile app to register a new user, everybody who knows the url can register new users and blow my database. 如果我要从我的移动应用程序中向例如http://localhost:8000/api/v1/register/发送POST数据(用户对象)以注册新用户,那么每个知道url的人都可以注册新用户并打击我数据库。 How do i prevent this? 我该如何预防? Is using a REST-API for user registration a wrong approach? 使用REST-API进行用户注册是错误的方法吗? Can someone point me to in the right direction? 有人可以指出我正确的方向吗? I dont want to use OAuth for logging in my users. 我不想使用OAuth登录用户。
1 个解决方案
解决方案1
0 2016-06-13 23:11:17
everything depends on how securely you can store data on the mobile application... 一切都取决于您在移动应用程序上存储数据的安全性...
if you are pretty sure that you can have something securely stored on the mobile phones with your app, the simplest solution is to set-up certificate authentication on your frontend server, in such a case every connection without proper certificate will fail 如果您确定可以通过应用程序将某些内容安全地存储在手机上,则最简单的解决方案是在前端服务器上设置证书身份验证,在这种情况下,没有正确证书的每个连接都会失败
this is quite simple solution that does not require any changes to your backend code, only small change to clients (to use certificate) 这是一个非常简单的解决方案,不需要对后端代码进行任何更改,只需对客户端进行少量更改(即可使用证书)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.