Suppose I have a client and a server for a simple chat room.
They communicate using JSON strings.
I know the following example is insecure, but I am only interested in whether this is a valid way of communicating.
// The Client connects to the server.
// The Client sends a JSON string with the following variables to the server:
--> Intention: "Request"
--> Context: "Login"
--> Message: "username:admin|password:123"
// The Server receives the JSON string and the string goes through an if-statement:
--> if(Intention.Equals("Request")){...}else if(Intention.Equals("Response")){...}
// The Server now knows it's a Request and moves on to the next step.
--> if(Context.Equals("Login")){.<check if user exists in server database and if the login details match>.}
// If the login details are correct, The Server marks the connected Client as logged in and sends a JSON string back to The Client:
--> Intention: "Response"
--> Context: "Login"
--> Message: "OK"
// The Client receives the messages and sees it's OK, now the Client shows the user control panel and chatbox to the user which all send other Request JSON strings to The Server.
// Any other context than "Login" check if the Client actually is marked as logged in, if not, the server returns a response with "ERR_NOT_LOGGED_IN"
Now I have a few questions:
I'm asking because I have found a lot about good ways for a client and server to communicate, but nothing about what is actually sent back and forth.
Thanks in advance!
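The exchange described in the question, replayed end to end as an added example (editor's code, not the poster's client or server): a client builds Request frames, the server dispatches on Intention and then Context, only Login is allowed before the client is marked as logged in, and everything else gets ERR_NOT_LOGGED_IN. The in-memory user table, the client ids, the "Chat" context and the ERR_LOGIN_FAILED / ERR_UNKNOWN_CONTEXT / ERR_BAD_JSON strings are assumptions made for the example; the question only names "Login", "OK" and "ERR_NOT_LOGGED_IN".

```python
import hmac
import json

# Constructed user table for the example. The question stores a plaintext
# password, so this does too; a real server would store a password hash.
USERS = {"admin": "123"}


class ChatServer:
    """Server side of the Request/Response JSON protocol from the question."""

    def __init__(self, users):
        self.users = users
        self.logged_in = set()  # client ids the server has marked as logged in

    def handle(self, client_id, raw):
        """Take one raw JSON string from a client and return the JSON reply."""
        try:
            msg = json.loads(raw)
        except ValueError:
            return self._reply("", "ERR_BAD_JSON")  # assumed error string
        if not isinstance(msg, dict):
            return self._reply("", "ERR_BAD_JSON")
        intention = msg.get("Intention")
        if intention == "Request":
            return self._handle_request(client_id, msg)
        if intention == "Response":
            # Clients only send Requests; a Response from a client is rejected.
            return self._reply(msg.get("Context", ""), "ERR_UNEXPECTED_RESPONSE")
        return self._reply(msg.get("Context", ""), "ERR_BAD_INTENTION")

    def _handle_request(self, client_id, msg):
        context = msg.get("Context", "")
        if context == "Login":
            return self._login(client_id, msg.get("Message", ""))
        # Every context other than Login requires a logged-in client.
        if client_id not in self.logged_in:
            return self._reply(context, "ERR_NOT_LOGGED_IN")
        if context == "Chat":  # assumed context used by the chatbox
            return self._reply(context, "OK")
        return self._reply(context, "ERR_UNKNOWN_CONTEXT")

    def _login(self, client_id, message):
        # Message format from the question: "username:admin|password:123"
        fields = {}
        for part in message.split("|"):
            key, sep, value = part.partition(":")
            if sep:
                fields[key] = value
        user = fields.get("username")
        password = fields.get("password", "")
        stored = self.users.get(user)
        # Constant-time comparison so a wrong password does not leak timing.
        if stored is not None and hmac.compare_digest(stored, password):
            self.logged_in.add(client_id)
            return self._reply("Login", "OK")
        return self._reply("Login", "ERR_LOGIN_FAILED")  # assumed error string

    @staticmethod
    def _reply(context, message):
        return json.dumps({"Intention": "Response", "Context": context, "Message": message})


def client_request(context, message):
    """Client side: build the Request frame the question describes."""
    return json.dumps({"Intention": "Request", "Context": context, "Message": message})


def run_exchange():
    """Replay the question's exchange and return the server's Message fields."""
    server = ChatServer(USERS)
    steps = [
        ("c1", "Chat", "hello"),                              # before login: refused
        ("c1", "Login", "username:admin|password:123"),       # the question's login
        ("c1", "Chat", "hello"),                              # after login: accepted
        ("c2", "Chat", "hi"),                                 # other client: still refused
    ]
    replies = []
    for client_id, context, message in steps:
        reply = json.loads(server.handle(client_id, client_request(context, message)))
        replies.append(reply["Message"])
    return replies


if __name__ == "__main__":
    print(run_exchange())
```

The login state lives on the server, keyed by the connection, so a client cannot simply claim to be logged in by changing its Intention or Context; that is the one property this protocol does get right, and it is what the ERR_NOT_LOGGED_IN rule enforces.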
As you said, this is not very secure. Some MITM could hijack the connection and send their own commands. So, to make it secure, you should try some symmetric/asymmetric encryption to protect the content and use a checksum to avoid forged messages.
To answer your questions:
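The answer recommends protecting the content and adding a check against forged messages. As an added example (editor's code, not from the answerer), the block below frames the question's Login JSON two ways and lets a simulated man-in-the-middle rewrite the Message field: once with an unkeyed CRC32 checksum, which the attacker can simply recompute, and once with an HMAC-SHA256 tag over a shared key, which the attacker cannot recompute. The shared key and the frame layout (`body`, `crc`, `tag`) are assumptions made for the example.

```python
import hashlib
import hmac
import json
import zlib

# Constructed shared key for the example; a real deployment would derive it
# from a key exchange rather than hard-code it.
SHARED_KEY = b"example-shared-key-do-not-use-in-production"


def frame_with_checksum(payload):
    """Frame the JSON body with an unkeyed CRC32 (detects corruption only)."""
    body = json.dumps(payload, sort_keys=True)
    return json.dumps({"body": body, "crc": zlib.crc32(body.encode())})


def verify_checksum(frame):
    f = json.loads(frame)
    return zlib.crc32(f["body"].encode()) == f["crc"]


def frame_with_hmac(payload, key):
    """Frame the JSON body with an HMAC-SHA256 tag under a shared key."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def verify_hmac(frame, key):
    f = json.loads(frame)
    expected = hmac.new(key, f["body"].encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so tag verification does not leak timing.
    return hmac.compare_digest(expected, f["tag"])


def mitm_rewrite(frame, new_message):
    """Attacker on the wire replaces Message; the attacker knows the format
    but not SHARED_KEY, so it can recompute a CRC but can only reuse an old tag."""
    f = json.loads(frame)
    body = json.loads(f["body"])
    body["Message"] = new_message
    new_body = json.dumps(body, sort_keys=True)
    if "crc" in f:
        return json.dumps({"body": new_body, "crc": zlib.crc32(new_body.encode())})
    return json.dumps({"body": new_body, "tag": f["tag"]})


def demo():
    """Return which frames the receiver accepts before and after tampering."""
    login = {"Intention": "Request", "Context": "Login",
             "Message": "username:admin|password:123"}
    forged_login = "username:admin|password:attacker"

    crc_frame = frame_with_checksum(login)
    forged_crc = mitm_rewrite(crc_frame, forged_login)

    mac_frame = frame_with_hmac(login, SHARED_KEY)
    forged_mac = mitm_rewrite(mac_frame, forged_login)

    return {
        "crc_original_ok": verify_checksum(crc_frame),
        "crc_forged_ok": verify_checksum(forged_crc),      # forgery passes
        "hmac_original_ok": verify_hmac(mac_frame, SHARED_KEY),
        "hmac_forged_ok": verify_hmac(forged_mac, SHARED_KEY),  # forgery rejected
    }


if __name__ == "__main__":
    print(demo())
```

A keyed tag gives integrity and origin authentication, not confidentiality: the password is still readable on the wire unless the body is also encrypted, and a recorded valid frame can be replayed unless a counter or nonce is included under the tag. In practice the usual way to get all of this for a chat protocol is to run the JSON exchange over TLS.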