保护C#和PHP之间的通信(而不是加密数据)

我正在开发Android和iOS游戏,我需要调用php页面来收集并输入数据到 数据库mysql。</ p>

发送和接收数据工作正常,问题是发送的数据没有加密,但我可以用ssl证书解决它,以便拥有所有的 数据发送加密。</ p>

另一个问题是,通过一些适当的程序(例如:Charles Proxy),您可以看到指向我的php文件的地址,因此您可以重新提交数据包。 例如:</ p>

这是我的test.php:</ p>

  $  code = $ _POST ['SecretCode']; 

if($ code ==“secretcode”)
{
//连接数据库并增加'i'值
}
</ code> </ pre>

这是我在Unity3D中的C#代码:</ p>

  public IEnumerator test()
{
WWWForm form = new WWWForm(); \ n form.AddField(“SecretCode”,secretcode);
WWW www = new WWW(“http://sitename.com/test.php”, form);

yield return www;

if if(www.text!=“”)
{
// //返回值
}
}
</ code> </ pre>

现在,如果从我的游戏中调用'test()'函数,php会调用安全代码,如果是正确的话,会增加数据库中的变量。</ p> \ n

当游戏发送此请求时,Charles Proxy可以看到请求,因此我可以与Charles无休止地重新发送请求,无休止地增加数据库中的值。</ p>

To 让你理解得更好我会给你看一张总结的图片:</ p>

http://postimg.org/image/x3owvt5il/ </ p>

最后有一种方法可以隐藏php文件或使其看起来未知?
或者不要 如果有人试图重复这些请求,请更改数据库上的值?</ p>
</ div>

展开原文

原文

I'm developing an Android and iOS game, I need to call the php pages to collect and enter data into the database mysql.

Sending and reception of data works properly, the problem is that the data sent is not encrypted, but this I can solve it with the ssl certificates, in order to have all the data send encrypted.

The other problem is that with some appropriate programs (example: Charles Proxy) you can see the address pointed to my php file, and consequently you can resubmit the packet over and over again.

For example:

This is my test.php:

$code = $_POST['SecretCode'];

if($code == "secretcode")
{ 
    // Connect to DB and increment 'i' value
}

This is my C# code in Unity3D:

public IEnumerator test()
{
    WWWForm form = new WWWForm();
    form.AddField("SecretCode", secretcode);
    WWW www = new WWW("http://sitename.com/test.php", form);

    yield return www;

    if(www.text != "")
    {
        // Returned value
    } 
}

Now, if from my game I call the 'test ()' function, the php called check the security code, and if it is right, will increase the variable on the database.

While the game sends this request, Charles Proxy can see the request and therefore I can with Charles resend endlessly the request, increasing endlessly the value in the database.

To make you understand better I'll show you a picture that sums it all:

http://postimg.org/image/x3owvt5il/

Finally there is a way to make invisible the php file or make it look unknown? Or just do not change the value on the database if someone tries to repeat these requests?

dpzff20644
dpzff20644 是。在答案框中输入相同的单词,然后您可以编辑它们。
大约 5 年之前 回复
dousong2023
dousong2023 您应该在提供的答案框中写下您的解决方案,然后您就可以接受该答案。这就是StackOverflow记录问题完成的方式,并为您提供积分。参观游览。
大约 5 年之前 回复

1个回答



解决方案:我找到了解决方案! 我在客户端和服务器之间的连接领域不太实际。 为了保护客户端和服务器之间的通信,只需使用HTTPS协议,因此除了已经加密的数据之外,您还具有加密通信,以便没有人可以看到您的URL并且无法创建无尽的包请求 你之前寄过的。</ p>
</ div>

展开原文

原文

SOLUTION: I have found the solution! I'm not very practical in the field of connections between client and server. To protect the communication between the client and the server, just use the HTTPS protocol, and so in addition to having the data already encrypted, you also have the encrypted communication so that nobody can see your url and can not create endless request of the package that you sent previously.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问