The development of Internet technologies continues to raise security requirements.
An Internet-based browser game is used as an example. To integrate game resources, a joint operation platform party generally integrates games provided by multiple game providers into the same web page and presents them to a client. From a technical perspective, the joint operation platform party integrates, through a joint operation platform server, game data provided by the multiple game providers by using a game server, so as to form a game system. To ensure the security of the game server, a login server (which may also be understood as a login interface) is generally set between the joint operation platform server and the game server in the game system. The main function of the login server is to verify a login request from the joint operation platform server. If the verification succeeds, the login of the client is accepted and the web page jumps to the corresponding game server. If the verification fails, a wrong address is returned to the joint operation platform server, and the login of the client is rejected.
For example, FIG. 1 is a schematic flowchart of a method for logging in to a game server in the prior art.
Step S1. The client initiates a login request to the joint operation platform server.
Step S2. The joint operation platform server adds a timestamp for the login request, performs encryption on the login request according to a preset external key, so as to generate an external signature, and sends request parameters that include the timestamp and the external signature to the login server.
Step S3. The login server performs decryption on the external signature from the joint operation platform server, and determines whether the timestamp has timed out. If the decryption succeeds and it is verified that the timestamp has not timed out, step S4 is performed; if the decryption fails or it is verified that the timestamp has timed out, step S5 is performed.
Step S4. If the login succeeds, jump to the game server.
Step S5. If the login fails, a wrong address is returned to the joint operation platform server.
In the prior art, verification is performed only on the timestamp and the external signature of the login request from the joint operation platform server.
If another joint operation platform server outside the system steals the login request, and the stolen login request conforms to the related parameters in the system, the stolen login request may be used to circumvent the zone selection page of the joint operation platform server in the system and to request login to the game server. Access to the game server is thereby obtained, which poses an extremely serious security threat to the game server.
In addition, once the external keys of the joint operation platform server in the system and of the login server are leaked, a third party may perform encryption on the login request according to the stolen external key and may then easily pass the verification of the login server, which also poses an extremely serious security threat to the game server.
Therefore, it is necessary to solve the technical problem in the prior art that login security of a server is under extremely serious threat because the login request can be stolen easily and the external key may be leaked easily.
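The following sketch of the step S3 check is an added example, not part of the original text. It shows why checking only the timestamp and the external signature cannot separate the original request from a copy or from a request signed by another holder of the key. It assumes the external signature is an HMAC-SHA256 over the request parameters and timestamp (the text does not name the algorithm); the key, the field names and the 300-second timeout are constructed.

```python
import hashlib
import hmac

EXTERNAL_KEY = b"constructed-demo-external-key"  # constructed value, not from the text
TIMEOUT_SECONDS = 300  # assumed timeout; the text gives no figure


def sign(params: dict, timestamp: int, key: bytes = EXTERNAL_KEY) -> str:
    """Step S2: the platform server derives the external signature."""
    canonical = "&".join(f"{k}={params[k]}" for k in sorted(params))
    message = f"{canonical}&ts={timestamp}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_login(request: dict, now: int, key: bytes = EXTERNAL_KEY) -> str:
    """Steps S3 to S5: check only the external signature and the timestamp."""
    expected = sign(request["params"], request["ts"], key)
    if not hmac.compare_digest(expected, request["sig"]):
        return "S5: rejected (bad signature)"
    if not 0 <= now - request["ts"] <= TIMEOUT_SECONDS:
        return "S5: rejected (timestamp timed out)"
    return "S4: accepted"


def demo() -> dict:
    t0 = 1_700_000_000  # constructed clock value
    params = {"user": "player42", "zone": "7"}  # constructed request fields
    request = {"params": params, "ts": t0, "sig": sign(params, t0)}

    results = {"original": verify_login(request, now=t0 + 5)}
    # A byte-identical copy presented by a different sender inside the window:
    # nothing in the checked fields identifies the sender or marks the request
    # as already used, so the login server cannot tell it from the original.
    results["copy_in_window"] = verify_login(dict(request), now=t0 + 60)
    results["copy_after_timeout"] = verify_login(dict(request), now=t0 + 301)
    tampered = {**request, "params": {**params, "zone": "9"}}
    results["tampered"] = verify_login(tampered, now=t0 + 5)
    # A signature produced with the same key by any holder verifies as well,
    # which is why a leaked external key defeats this check entirely.
    t1 = t0 + 1000
    minted = {"params": params, "ts": t1, "sig": sign(params, t1)}
    results["signed_with_leaked_key"] = verify_login(minted, now=t1 + 1)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The timestamp bounds how long a copied request stays usable, and the signature detects modification, but neither field ties the request to the server that sent it.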