Authorization
Basic Authorization
To solve the problem of hijack username and password in common Basic Authorization, I suggest to use MD5 and random ID. Client Side:
1) Put a random String (Like “uwolafnfslggk”) in request header as a value. Define a key in header(e.g: ‘x-inner-key’) to map to this value.
2) Combine “username, password and the value of ‘x-inner-key’” to a new string.
3) MD5 this new string to generate a MD5 value.
4) Put this MD5 value to the header. Define a key in header (‘x-inner-token’) to map to this MD5 value.
Server Side: 1) Combine “username, password and the value of ‘x-inner-key’” to a new string.
2) MD5 this new string to generate a MD5 value.
3) If the MD5 value is equal to header[‘x-inner-token’], then authorize success.