有人可以破解 React Native 或任何传统 JS Native 应用程序的 API 调用吗
[英]Can some one hack API calls of React Native or any traditional JS Native Apps
问题描述
Let say i have a post api call like this
假设我有这样一个帖子 api 调用
fetch('https://mywebsite.com/endpoint/', {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json',
},
body: JSON.stringify({
firstParam: 'yourValue',
secondParam: 'yourOtherValue',
}),
});
can some one decode this android react app via dex2jar and something like this and snipe the apis calls..有人可以通过dex2jar之类的东西解码这个android反应应用程序并狙击api调用..
how can we secure the api calls via server side auth and also from snipping我们如何通过服务器端身份验证和剪切来保护 api 调用
2 个解决方案
解决方案1
0 2018-11-16 09:57:25
Yes it is possible, since your browser will show each call done by your app, using chrome you could openthe chrome dev tools and have a look at the network tab. 是的,这是可能的,因为您的浏览器将显示您的应用程序进行的每个呼叫,因此您可以使用chrome打开chrome开发工具并查看“网络”标签。
However there is many way to protect this (you cannot hide it, but you could definetly protect it from unwanted access), probably the most popular are this two : 但是,有很多方法可以保护它(您不能隐藏它,但是可以明确地保护它免受不必要的访问),可能最受欢迎的是以下两种:
解决方案2
0 2022-08-08 17:35:51
Plus someone can always open up the app and take a look at you MAP file and get your keys as well.另外,有人可以随时打开应用程序并查看您的 MAP 文件并获取您的密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.