堆栈内存溢出
  简体   繁体   English

Twilio接收短信安全

[英]Twilio Receive SMS Security

 原文  2016-01-05 07:06:21       python/ flask/ twilio

问题描述

I'm following the quickstart example here: Twilio Python Quickstart 我在这里关注quickstart示例: Twilio Python快速入门

How should the server authenticate that the request is actually coming from twilio? 服务器应如何验证请求实际来自twilio?

I'm looking at the phone number config screen and this is what I see. 我正在看电话号码配置屏幕, 这就是我所看到的。 I don't see an IP white list or a way to specify twilio's auth credentials. 我没有看到IP白名单或指定twilio的auth凭证的方法。

It seems like anyone that knew the URL and response format could pretend to be twilio. 似乎任何知道URL和响应格式的人都可以假装是twilio。

Thanks for the help :) 谢谢您的帮助 :)

2 个解决方案

解决方案1
 2  2016-01-09 09:30:10

Twilio developer evangelist here. Twilio开发者传道者在这里。

I know Akhil has answered this (thanks Akhil!) and you accepted the answer. 我知道Akhil回答了这个问题(感谢Akhil!),你接受了答案。 However, there is one more, arguably better way to validate requests are coming from Twilio which I wanted to share with you too. 然而,还有一个,可以说是更好的验证请求来自Twilio的方法,我想与你分享。

When Twilio makes a call to your SMS URL (or any other URLs that you have set up) it will sign the request using a combination of the URL, the parameters in the request and your account's Auth Token. 当Twilio拨打您的SMS URL(或您已设置的任何其他URL)时,它将使用URL,请求中的参数和您帐户的Auth Token的组合对请求进行签名。 The signature is then sent as the request header X-Twilio-Signature . 然后将签名作为请求头X-Twilio-Signature

To verify the request was made by Twilio you can follow the same process to create the signature and then compare against the one sent by Twilio. 要验证Twilio发出的请求,您可以按照相同的过程创建签名,然后与Twilio发送的签名进行比较。 If they match, you can guarantee that Twilio sent the request. 如果匹配,您可以保证Twilio发送请求。

This is the high level view of it, if you want to read more, including the full description for the algorithm for creating the signature, check out Twilio's security page . 这是它的高级视图,如果您想要阅读更多内容,包括创建签名的算法的完整描述,请查看Twilio的安全页面 If you're using Python, the Twilio Python library provides the RequestValidator to easily validate requests . 如果您使用的是Python, Twilio Python库会提供RequestValidator来轻松验证请求

解决方案2
 1 已采纳  2016-01-05 09:06:06

When a particular twilio number receives a message, a request will be made to the SMS URL associated with that number. 当特定的twilio号码收到消息时,将向与该号码相关联的SMS URL发出请求。 Along with the message body, Twilio will pass a number of parameters. 与消息体一起,Twilio将传递许多参数。 A full list of parameters can be seen here ). 这里可以看到完整的参数列表。

Now you can check if the AccountSid passed along the message is set and as same as your Account Sid for quick verification. 现在,您可以检查传递的AccountSid是否已设置,并且与您的帐户Sid相同,以便快速验证。

If you want higher level of reliability, then you can use the MessageSid parameter to query the Message resource using REST API and crosscheck between request and resource obtained from REST API . 如果您需要更高级别的可靠性,则可以使用MessageSid参数使用REST API查询Message资源,并在从REST API获取的请求和资源之间进行交叉检查。

(Refer here for twilio Message REST API ) (请参阅这里的twilio Message REST API

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用Python接收和打印Twilio SMS - Receive and Print a Twilio SMS with Python 如何使用python接收短信并使用twilio加载到变量 - How to receive an SMS in python and load in to variable with twilio Twilio在短信接收上触发Python函数 - Twilio trigger Python function on SMS receive Python Twilio短信 - Python Twilio SMS python用twilio发送短信 - python sending sms with twilio Twilio SMS Repsonse - Twilio SMS Repsonse 带twilio错误的烧瓶短信 - Flask SMS with twilio error Twilio SMS / Python,试图捕获SMS的主体 - Twilio SMS/Python, trying to capture the body of an SMS 使用Python中的Twilio接收和处理SMS - Receiving and processing an SMS with Twilio in Python Twilio - 如何处理入站短信 - Twilio - how to handle inbound sms
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM