我想为我的 SMS 服务将一个字符串加密为另一个长度为 4 到 6 的字符串。例如,我想将 UserID 加密为字符串 xxxx。所以用户只需发送“MyPage xxxx”然后发送到我的短信服务,我将解密字符串 xxx 以知道谁发送了这条消息。
谢谢!
问问题
102 次
2 回答
2
Sure, you can store 4-6 character unique string in your database and have your users to send it.
However, this raises some flags:
What if some other user learns this secret string and sends SMS with it? Would you trust such SMS that it was sent by user you have assumed? I don't think so.
If somebody is sending SMS to your server, presumably you will know their phone number where it was sent from - SMS will provide it. In that case, why bother asking user to provide anything more? Also, it is relatively difficult to forge sending SMS phone number. Don't get me wrong, sending phone number can be forged, but I think that it is still more secure than your approach.
Asking user to type anything that they need to remember is too much to ask. They will forget, they will make mistakes, they will screw it up. Don't do that, make it fully automatic, and just rely on sending phone number.
于 2012-12-24T05:30:12.030 回答
0
您可以为每个用户生成一个随机的 4 字符标识符(例如在注册时)并将其存储在数据库中。然后,当您获得文本时,您可以检查数据库中的标识符并查看谁发送了该消息。
于 2012-12-24T04:46:42.707 回答