You can use the following two methods to authenticate users.

Check the identity of the request sender

With this method, the request parameters include the user name and password. The server verifies the user name and password to determine whether the identity of the request sender is reliable.

If a request takes a long time, the password may be compromised by hackers.

Use message signing mechanisms

With this method, the request carries the AccessID, the request time, the request parameters, and a signature. The server uses the AccessID to obtain the userID, key, and other information, and then verifies whether the signature computed on the server side is consistent with the one the requester provided.

During authentication, the message signature algorithm HMAC-SHA1 is used to ensure the integrity and authenticity of messages during transmission.

After authentication, you need to control the source of requests with an IP whitelist.

The IP whitelist applies to the entire project space and has the following three formats:

  • A single IP address, for example, 101.132.236.134
  • A subnet with a mask, for example, 100.116.0.0/16
  • A network segment, for example, 101.132.236.134 to 101.132.236.144

All three formats can be written in the same command, separated by commas.

For example, the project administrator runs the following command to enable the whitelist settings:

    setproject odps.security.ip.whitelist=101.132.236.134,100.116.0.0/16,101.132.236.134-101.132.236.144;

After the IP whitelist is cleared, MaxCompute disables the whitelist function by default.

The process after the user submits the request is shown in the figure below:

The SourceIP is first retrieved through HTTPServer, and OdpsWorker matches the information in the metadata against your SourceIP.

If the information on both sides is consistent, the request is normal.
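The matching step described above can be sketched as follows. This is an added example, not MaxCompute's own code: the function names are hypothetical, the whitelist string is the one from the command on this page, and an empty whitelist is treated as "function disabled", as the page states.

```python
import ipaddress

# Whitelist value taken from the setproject example on this page.
SAMPLE_WHITELIST = "101.132.236.134,100.116.0.0/16,101.132.236.134-101.132.236.144"


def parse_whitelist(value):
    """Turn a comma-separated whitelist into (first, last) IPv4 address pairs.

    Handles the three formats: single IP, subnet with mask, and start-end segment.
    Malformed entries raise ValueError instead of being skipped silently.
    """
    ranges = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        if "-" in entry:  # network segment: start-end
            lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            if lo > hi:
                raise ValueError(f"segment start is after its end: {entry}")
        elif "/" in entry:  # subnet with mask; strict=True rejects stray host bits
            net = ipaddress.IPv4Network(entry, strict=True)
            lo, hi = net.network_address, net.broadcast_address
        else:  # single address
            lo = hi = ipaddress.IPv4Address(entry)
        ranges.append((lo, hi))
    return ranges


def is_allowed(source_ip, whitelist_value):
    """Return True if source_ip falls inside any whitelist entry."""
    ranges = parse_whitelist(whitelist_value)
    if not ranges:  # cleared whitelist: the function is disabled, nothing is filtered
        return True
    try:
        ip = ipaddress.IPv4Address(source_ip)
    except ValueError:  # unparseable source address never matches
        return False
    return any(lo <= ip <= hi for lo, hi in ranges)


if __name__ == "__main__":
    for candidate in ("101.132.236.140", "101.132.236.145", "100.116.9.9"):
        print(candidate, is_allowed(candidate, SAMPLE_WHITELIST))
```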