使用ASIHTTPRequest的“用户名”和“密码”属性是否安全?
[英]Is it safe to use the “username” and “password” property of ASIHTTPRequest?
问题描述
In my iPhone project, I was told to use the username and password property of ASIHTTPRequest to communicate with the server. 
在我的iPhone项目中,有人告诉我使用ASIHTTPRequest的username和password属性与服务器进行通信。 But the truth is I don't have a very clear picture on how this authentication process really works in some real cyber security cases. 但事实是,对于某些实际的网络安全案例,我对身份验证过程的工作原理一无所知。
One specific question: do I need to encrypt the password before handing it to the ASIHTTPRequest instance, or, I can just give it the plain version? 一个特定的问题:在将密码传递给ASIHTTPRequest实例之前是否需要对密码进行加密,或者我可以给它提供普通版本吗?
One general question: let's say I was a bad guy and I want to do something bad to other iPhone users, maybe eavesdropping on their iPhone activities or do something funny to the wireless routers that they're accessing via WiFi. 一个普遍的问题:假设我是个坏人,我想对其他iPhone用户做一些坏事,也许偷听他们的iPhone活动,或者对他们通过WiFi访问的无线路由器做一些有趣的事情。 Among all those tricks that I should try, what are the easiest ones, and what are the most dangerous ones? 在我应该尝试的所有技巧中,最简单的是什么,最危险的是什么?
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
1 已采纳 2011-01-11 13:05:43
ASIHTTPRequest, like the browser you're using right now, uses Basic Access Authentication . 就像您现在正在使用的浏览器一样,ASIHTTPRequest使用基本访问身份验证 。 The main security downside of that scheme is that it assumes the underlying server connection is secure. 该方案的主要安全缺点是,它假定基础服务器连接是安全的。 If you don't connect over SSL, the password is transmitted in plaintext. 如果不通过SSL连接,则密码以纯文本格式传输。
So don't do that. 所以不要那样做。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.