
WeChat Mini Program security guidelines: development principles and precautions


May 18, 2021 WeChat Mini Program Development Document


Table of contents


Security guidelines

Development principles and considerations

This document collects some of the security risks and vulnerabilities common in Mini Program development, to help developers find and fix vulnerabilities during development and avoid losses to the business and its data after launch. Developers must follow these principles in their development work:

  1. Mutual distrust: do not trust data submitted by users, including data provided by third-party systems. The necessary data checks must be performed in the backend.
  2. Least privilege: code, modules, and so on should have only the minimum permissions needed to complete their task. Do not grant unnecessary permissions.
  3. Do not store sensitive user data in clear text.
  4. Mini Program code (excluding cloud function code) is similar to the front-end code of a traditional web application: it can be obtained externally and deobfuscated, so important business logic should be placed in backend code or cloud functions.
  5. Backend API calls, as well as cloud function calls, must perform valid identity authentication.
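
Principles 1, 4 and 5 applied to a single backend handler, as an added example that is not part of the original document. `CATALOG`, `createOrderUnsafe` and `createOrder` are hypothetical names; the `ctx` argument stands in for the object returned by `cloud.getWXContext()` in `wx-server-sdk`, passed in here so the block runs offline.

```javascript
// Added example: server-side checks for a hypothetical "createOrder" cloud function.
// CATALOG, createOrderUnsafe and createOrder are illustrative names, not from the original page.

// Prices live on the server only (constructed sample data, in cents).
const CATALOG = { 'sku-1': 1500, 'sku-2': 9900 };
const MAX_QTY = 10;

// Before: trusts the caller-supplied identity and price.
function createOrderUnsafe(event) {
  return { ok: true, openid: event.openid, total: event.price * event.quantity };
}

// After: identity comes from the trusted call context, price from the server.
// Assumption: in a real cloud function `ctx` would be cloud.getWXContext().
function createOrder(event, ctx) {
  // Principle 5: reject calls without an authenticated identity.
  if (!ctx || typeof ctx.OPENID !== 'string' || ctx.OPENID === '') {
    return { ok: false, error: 'unauthenticated' };
  }
  // Principle 1: validate every field on the backend.
  if (event === null || typeof event !== 'object') {
    return { ok: false, error: 'bad_request' };
  }
  const { itemId, quantity } = event;
  // hasOwnProperty keeps inherited keys such as "constructor" from matching.
  if (typeof itemId !== 'string' ||
      !Object.prototype.hasOwnProperty.call(CATALOG, itemId)) {
    return { ok: false, error: 'unknown_item' };
  }
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > MAX_QTY) {
    return { ok: false, error: 'bad_quantity' };
  }
  // Principle 4: pricing stays on the server; event.price and event.openid are ignored.
  return { ok: true, openid: ctx.OPENID, total: CATALOG[itemId] * quantity };
}

// Constructed request body with client-controlled price and identity fields.
const tampered = { itemId: 'sku-2', quantity: 2, price: 1, openid: 'someone-else' };
console.log(createOrderUnsafe(tampered));
console.log(createOrder(tampered, { OPENID: 'o-caller' }));
console.log(createOrder(tampered, {}));
```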