Hardcoder icon indicating copy to clipboard operation
Hardcoder copied to clipboard

Published 20 hours ago verified publisher icon Tencent

鉴权风险

Open peterlirui opened this issue 4 years ago • 1 comments

鉴权的参数都是APP自己传的,包括密钥和uid,如果第三方APP被逆向了,密钥和uid被伪造,岂不是有风险?binder在Framework层获取uid相对风险可控,server端可以根据uid和包名做校验

peterlirui avatar Mar 17 '20 02:03 peterlirui

现在就有用uid和包名做判断的

SophiaGuo avatar Apr 30 '20 08:04 SophiaGuo