HTTP从一台服务器重定向到另一台服务器
[英]Https redirect from one server to another
问题描述
The scenario is that a browser makes a request to server1. 
场景是浏览器向server1发出请求。 server1, does a https redirect to server2 with some confidential information in HTTP header. server1,使用HTTP标头中的一些机密信息将https重定向到server2。 Can browser view the contents of redirect from server1 or would it be encrypted? 浏览器可以查看从server1重定向的内容还是将其加密?
1 个解决方案
解决方案1
1 已采纳 2014-04-17 21:02:33
Can browser view the contents of redirect from server1 or would it be encrypted?
HTTPS provides transport-layer security between a browser and a server. HTTPS在浏览器和服务器之间提供传输层安全性。 The browser can indeed view anything in the response from either server. 浏览器确实可以查看来自任一服务器的响应中的任何内容。
You can test this for yourself. 您可以自己测试。 Just open the developer tools in your browser (in IE press F12), navigate to the tab that deals with network connections, and record the network conversation during such a redirect. 只需在浏览器中打开开发人员工具(在IE中按F12键),导航到处理网络连接的选项卡,并在这种重定向期间记录网络对话。 You can inspect the response headers from the redirect. 您可以从重定向检查响应头。
If the two servers need to exchange confidential information (meaning the browser should not be able to discover the information), it is best if they talk to each other directly via a secure channel. 如果两个服务器需要交换机密信息(这意味着浏览器不能发现该信息),则最好是它们通过安全通道直接进行通信。 You could consider adding the confidential data in encrypted form to the response (such that server2 can decrypt it), but any time you expose even the encrypted data to the client unnecessarily, you introduce another attack vector. 您可以考虑将加密形式的机密数据添加到响应中(这样server2可以对其进行解密),但是每当您不必要地向客户端公开甚至加密数据时,都会引入另一个攻击媒介。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.