从服务器或客户端获取加密的凭证?
[英]Obtain encrypted credentials from server or client?
问题描述
I'm building an app that requires obtaining Login information from REST API service using POST method with plain text as parameter. 
我正在构建一个需要使用POST方法(以纯文本作为参数)从REST API服务获取登录信息的应用程序。
The credentials are encrypted in the server side. 凭证在服务器端被加密。 As per title, I might opt to move the encryption process to the client side which is the device itself. 按照标题,我可能会选择将加密过程移到设备本身的客户端。
So, which is safer, pulling credentials from the server or encrypt it on the client side instead? 那么,从服务器上提取凭据或在客户端上对其进行加密哪个更安全?
1 个解决方案
解决方案1
0 2014-02-14 05:00:44
You can perform action on Server Side and Client side too as well. 您也可以在服务器端和客户端执行操作。
Perform encryption on client side for sending login credentials. 在客户端上执行加密以发送登录凭据。
Perform encryption on server side for getting data on client side. 在服务器端执行加密以在客户端获取数据。
Use https instead of http that will too work for you as https encrypts whole data of its own. 使用https代替http会很适合您,因为https加密自己的全部数据。
Hope it sounds.. 希望听起来..
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.