从http到Https服务调用
[英]From http to Https Service Call
问题描述
is there a way for some one to sneak in the to see data if my service is over http and the caller in my case is hosted on http (ie service is on secure ssl host while caller is on simple http). 
如果我的服务通过http并且我的情况下的调用者托管在http上(例如,服务在安全ssl主机上,而调用者在简单的http上),是否可以让某人潜入以查看数据。 is that call secure or not? 那个电话安全吗?
2 个解决方案
解决方案1
1 已采纳 2009-06-05 06:42:58
Basic HTTP without any encryption or other means of obfuscating your content is just plain text going over the wire. 没有任何加密或其他混淆内容的基本HTTP就是纯文本。 Anyone with a bit of knowledge can trap that connection and just read everything that goes on. 任何有知识的人都可以捕获这种联系,只需阅读所有发生的事情。
I don't quite understand what you mean by the server is on secure host but the client is not? 我不太了解服务器的意思是服务器位于安全主机上,但客户端不是吗? Either the conversation between those two is secured by SSL / HTTPS (but then BOTH ends need to participate), or not. 两者之间的对话都通过SSL / HTTPS来保护(但是随后两端都需要参与),或者没有。 If not - it's just clear text on the wire. 如果不是,那只是电线上的明文。
解决方案2
1 2009-06-05 06:57:26
Yes if someone is able to sneak into your transmissions, they can workout if the messages are encrypted or not.
是的,如果某人能够潜入您的传输中,则无论邮件是否加密,他们都可以锻炼。 When you connect to a server marked with server side SSL (server marked with https), it sends a copy of its cert to the client (eg your browser) which verifies if its a genuine cert.
当您连接到标有服务器端SSL的服务器(标有https的服务器)时,它将证书的副本发送到客户端(例如您的浏览器),以验证其证书是否为正版。 This only confirms that the server is really what it says it is and not someone else masquerading. 这仅确认服务器确实是它所说的,而不是其他在伪装的服务器。
This does not guarantee that no can intercept your message. 这不保证没有可以拦截您的消息。 They can intercept but wont be able to decrypt. 他们可以拦截但无法解密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.