提交3次,不知道问题在哪里,这个审核不通过的问题怎么解决?官方能不能帮忙解答下啊Submitted 3 times, I don't know where the problem is, how to solve the problem that this review failed? Can the official help?
提交3次,不知道问题在哪里,这个审核不通过的问题怎么解决?官方能不能帮忙解答下啊1:小程序功能不符合规则:
(1):你好,当前提审小程序包中可能包含明文的AppSecret,存在泄漏的安全风险。一旦被恶意用户通过技术手段获取你的AppSecret,对方可以通过调用API获取你的小程序敏感数据,如接口调用凭证、用户信息、用户使用数据、小程序码等。出于安全考虑,开发者应将AppSecret保存 到后台服务器中,并严格保密,不向任何第三方等透露。建议你立即调整技术方案,去除小程序包中的AppSecret字样并重置可能已泄漏的AppSecret,消除风险。参考文档
请根据上述原因对小程序进行修改,并重新提交代码审核。
1: The applet function does not comply with the rules: (1): Hello, the current trial applet package may contain plaintext appsecret, which poses a security risk of disclosure. Once a malicious user obtains your appsecret through technical means, the other party can obtain your applet sensitive data by calling API, such as interface call credentials, user information, user use data, applet code, etc. For security reasons, developers should save appsecret to the background server and keep it strictly confidential and not disclose it to any third party. It is recommended that you immediately adjust the technical scheme, remove the word appsecret in the applet package, and reset the appsecret that may have been leaked to eliminate the risk. For reference documents, please modify the applet according to the above reasons and resubmit the code for review.
回答:
AppSecret不要存在小程序的代码包里面。放在服务器端存储哦
问题不是已经说的很清楚了吗?
群主管理都是支付大佬
你好,当前提审小程序包中可能包含明文的AppSecret,存在泄漏的安全风险。一旦被恶意用户通过技术手段获取你的AppSecret,对方可以通过调用API获取你的小程序敏感数据,如接口调用凭证、用户信息、用户使用数据、小程序码等。出于安全考虑,开发者应将AppSecret保存 到后台服务器中,并严格保密,不向任何第三方等透露。建议你立即调整技术方案,去除小程序包中的AppSecret字样并重置可能已泄漏的AppSecret,消除风险。