What credentials system should I use for an app where submissions to an API are anonymous?

I'm creating an app where user submissions (e.g. a photo) are designed to be captured via crowdsourcing. The app connects to an API using an API key, and the app then submits the data anonymously.

We want to avoid the overhead of people creating user accounts and passwords.

However, it seems to me this is vulnerable to the problem of the key getting revealed. The result is that spammy submissions could be made much more quickly via browser/wget HTTP requests. Because the app is installed on people's devices, it would take a long time for us to be able to withdraw a key and replace it with another.

The approaches to deal with this problem I can think of are:

  1. Hope that the key stays secret. Not ideal from a risk perspective. Using HTTPS for the API endpoint would reduce this risk, but presumably the app could still be decompiled to reveal it (not that in practice anyone would really bother).

  2. Store a fixed username and password in the app, and submit as that. That basically seems to run into the same problem: if the credentials are leaked then this has the same problem as 1.

  3. Require a first-run fetch of a token to auto-create a username and password. However, if the key is compromised then this is no more secure. Also, this means we end up with lots of junky usernames and passwords in our database that really don't mean anything.

  4. Not considered desirable: force users to create a username/password. However, that then means a lot of messing around with accounts, and compromises the anonymity of submissions, meaning data protection implications.

Are there standard patterns dealing with this scenario?

The first time the app runs, it could get a random token from the server, store this, and use it on all subsequent requests. The server just checks that the token is one it produced itself. After each request, block the token for 5 minutes (or make a counter so 10 requests are OK but the 11th gets blocked, depending on your use case). When a token gets misused, block it, so the user will have to deinstall/reinstall your app, or, if he made a script to emulate the app, he'd have to re-register after every few posts (plus you can limit the number of registrations per IP or something similar).
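The token-issuance and rate-limiting scheme described in this answer, as an added Python example that is not part of the original post or of any project's code. The class name, the parameter values (10 requests per 5-minute window, 5 registrations per IP, revoke after 3 rate-limit strikes), the "strikes" heuristic for deciding a token is being misused, and the sample IP address and submission are all assumptions; `_store` is a placeholder for whatever persistence the real service uses. Tokens are kept as SHA-256 digests so a leaked table does not hand out usable tokens, and the clock is injectable so the behaviour can be checked deterministically.

```python
import hashlib
import secrets
import time
from collections import defaultdict

# Constructed sample submission used by demo(); a real client would send a photo.
SAMPLE_SUBMISSION = {"photo": b"\x89PNG...", "lat": 51.5, "lon": -0.12}


class AnonTokenService:
    """Server side of the first-run token scheme (assumed design, see lead-in).

    issue(ip)            mints a random per-install token, remembers it (hashed)
                         so the server can check it is one it produced, and caps
                         how many tokens a single IP may register.
    submit(token, data)  accepts a submission only for a known, unblocked token
                         that is still within its budget for the current window
                         (10 requests OK, the 11th refused).
    block(token)         revokes a token outright; the device must re-register.
    """

    def __init__(self, max_per_window=10, window_seconds=300,
                 max_tokens_per_ip=5, strikes_before_block=3, clock=time.time):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self.max_tokens_per_ip = max_tokens_per_ip
        self.strikes_before_block = strikes_before_block
        self.clock = clock                      # injectable for deterministic tests
        self._records = {}                      # token digest -> per-token state
        self._tokens_per_ip = defaultdict(int)

    @staticmethod
    def _digest(token):
        # Store only a hash: a database leak must not yield valid tokens.
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, ip):
        """Return a fresh token for this install, or None if the IP hit its quota."""
        if self._tokens_per_ip[ip] >= self.max_tokens_per_ip:
            return None
        token = secrets.token_urlsafe(32)       # 256 random bits: unguessable
        self._records[self._digest(token)] = {
            "ip": ip, "blocked": False, "hits": [], "strikes": 0}
        self._tokens_per_ip[ip] += 1
        return token

    def block(self, token):
        """Manually revoke a token that was found to be misused."""
        rec = self._records.get(self._digest(token))
        if rec is not None:
            rec["blocked"] = True

    def submit(self, token, payload):
        """Return one of: accepted, unknown_token, blocked, rate_limited."""
        rec = self._records.get(self._digest(token))
        if rec is None:
            return "unknown_token"              # not a token this server produced
        if rec["blocked"]:
            return "blocked"
        now = self.clock()
        # Sliding window: drop hits older than the window before counting.
        rec["hits"] = [t for t in rec["hits"] if now - t < self.window_seconds]
        if len(rec["hits"]) >= self.max_per_window:
            rec["strikes"] += 1
            if rec["strikes"] >= self.strikes_before_block:
                rec["blocked"] = True           # repeated over-limit use: revoke
            return "rate_limited"
        rec["hits"].append(now)
        self._store(payload)
        return "accepted"

    def _store(self, payload):
        # Placeholder (assumed): persist the anonymous submission here.
        pass


def demo():
    """Exercise the scheme with a fake clock; returns the observed statuses."""
    now = [1_700_000_000.0]
    svc = AnonTokenService(clock=lambda: now[0])
    ip = "203.0.113.7"                           # constructed sample address
    token = svc.issue(ip)
    burst = [svc.submit(token, SAMPLE_SUBMISSION) for _ in range(11)]
    now[0] += 301                                # window expires: budget resets
    after_wait = svc.submit(token, SAMPLE_SUBMISSION)
    forged = svc.submit("not-issued-by-this-server", SAMPLE_SUBMISSION)
    svc.block(token)
    revoked = svc.submit(token, SAMPLE_SUBMISSION)
    ip_quota = [svc.issue(ip) is not None for _ in range(5)]
    return {"burst": burst, "after_wait": after_wait, "forged": forged,
            "revoked": revoked, "ip_quota": ip_quota}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running the block shows the first ten submissions accepted and the eleventh refused, the budget restored once the window has passed, a token the server never issued rejected, a revoked token refused, and the fifth registration from the same address denied. The per-IP cap is the part the answer calls "or something similar": it slows down a script that re-registers after every block, but it is coarse (shared NATs hit it too), so in practice it is one signal alongside the per-token budget rather than the main defence.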

You can assume any fixed credentials will be compromised. A good attacker can and will reverse-engineer the client. On the flip side, a username/password combo will compromise anonymity (and nothing is stopping a spammer from creating an account).

Honestly, this is a very difficult problem. The (inelegant) solution involves something like a captcha, where you provide a problem that is difficult for a bot but easy for a human to solve (for the record, I think captchas are almost useless, although there have been some less annoying alternatives).

Alternatively, sites like Facebook use sophisticated algorithms to detect spam. (This is a difficult approach, so I would not recommend it unless you have the manpower to dedicate to it.)
