The server side
-
Source identification in HTTP requests
-
Data encryption
HTTPS is used to secure data in transit.
-
Data signature
The data to be submitted is combined into a string in some agreed way, and the MD5 algorithm is then used to generate a signature from it. If MD5 alone does not seem secure enough, you can also add a salt to the input before hashing.
-
Timestamp
Add the timestamp of the current request to the parameters. After receiving the request, the server compares the current time with the time in the request. For example, a request whose time is within 5 minutes is passed on to subsequent service processing, and an error code is returned directly if the time is beyond 5 minutes. The timestamp mechanism is used to counter DDoS attacks.
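Added example, not part of the original page: a server-side check in Python that combines the data signature and timestamp items above. The parameter names `timestamp` and `sign`, the salt value and the sorted-key canonical string are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Optional, Tuple
from urllib.parse import urlencode

MAX_SKEW_SECONDS = 5 * 60          # the 5-minute window from the text
SALT = b"constructed-demo-salt"    # assumption: secret shared by client and server


def canonical_string(params: dict) -> bytes:
    """Join parameters in sorted key order so both sides hash identical bytes."""
    items = sorted((k, str(v)) for k, v in params.items() if k != "sign")
    return urlencode(items).encode("utf-8")


def sign(params: dict, salt: bytes = SALT) -> str:
    """Salted MD5 over the canonical string, as the text describes."""
    # The timestamp is part of the signed data, so it cannot be refreshed on replay.
    return hashlib.md5(canonical_string(params) + salt).hexdigest()


def verify(params: dict, now: Optional[float] = None, salt: bytes = SALT) -> Tuple[bool, str]:
    """Return (accepted, reason). Checks the timestamp first, then the signature."""
    now = time.time() if now is None else now
    try:
        ts = int(params["timestamp"])
    except (KeyError, ValueError, TypeError):
        return False, "missing or malformed timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "timestamp outside 5-minute window"
    supplied = str(params.get("sign", "")).encode("utf-8")
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(sign(params, salt).encode("utf-8"), supplied):
        return False, "signature mismatch"
    return True, "ok"


# Constructed sample request, not taken from the page.
NOW = 1_700_000_000
request = {"app_id": "demo-app", "item": "42", "timestamp": NOW}
request["sign"] = sign(request)

if __name__ == "__main__":
    print(verify(request, now=NOW))
    print(verify({**request, "item": "43"}, now=NOW))
    print(verify(request, now=NOW + 301))
```

Because the timestamp is covered by the signature, a captured request cannot be made fresh again by rewriting its timestamp without also knowing the salt.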
-
AppID/Token
To authenticate a valid calling user, the server can add an AppID or set a token for the logged-in user.
-
Global encryption of parameters
Symmetric encryption or a public-key algorithm is used to encrypt the request, to prevent packet capture on the browser's network. The specific measures are as follows:
- The front end generates a random number as a signature key for symmetric encryption of the request data
- The front end uses the RSA public key to encrypt the key
- The public key is passed to the server as a header
-
Rate limiting
The server applies rate limiting to its interfaces. The rate-limiting algorithms are as follows: token bucket, leaky bucket, and counter.
-
Blacklist
The client side
-
Compression
Code compression: remove unnecessary spaces, line breaks and other content from the JavaScript code, and factor out code that may be common. Finally, the output is compressed into one or a few lines, which reduces the readability of the code.
-
Obfuscation
There are roughly two types of JavaScript obfuscators: those implemented through regular-expression substitution and those implemented through syntax-tree substitution.
-
Encryption
Some of the core logic is written in languages such as C/C++ and executed through calls from JavaScript, which provides binary-level protection. The encryption methods now include Emscripten and WebAssembly.