堆栈内存溢出
  简体   繁体   English

如何通过GET / POST安全发送密码?

[英]How to send securely passwords via GET/POST?

 原文  2012-02-26 22:21:18       java/ post/ https/ get

问题描述

I want to send HTTPS request in Java and send password in GET or POST data. 我想用Java发送HTTPS请求,并用GET或POST数据发送密码。 Is it secure? 安全吗? Can I just put password in POST/GET field as a plain text and that will be secured when I use https? 我可以仅将密码以纯文本形式输入POST / GET字段,并且在使用https时将得到保护吗? Or should I do something more? 还是我应该做更多的事情?

2 个解决方案

解决方案1
 6  2012-02-26 22:25:06

Always send a password using POST. 始终使用POST发送密码。 https will ensure it is encrypted whilst being sent. https将确保它在发送时被加密。

解决方案2
 1 已采纳  2012-02-27 00:57:29

The usual practice is to send your authentication username+password as the Base64 encoded Authorization header. 通常的做法是将身份验证用户名+密码作为Base64编码的Authorization标头发送。

Base64 encoding is not encryption. Base64编码不是加密。 You still have to ensure it goes thro SSL/https. 您仍然必须确保它通过SSL / https。

Base64 codec is a means to ensure that endianess and other idiosyncrasies of routers, switches, and other network intermediaries do not transform the password or any binary data to be transported thro the cloud of networks. Base64编解码器是一种确保路由器,交换机和其他网络中介的内在性和其他特质不会转换密码或任何要通过网络云传输的二进制数据的方法。

The codec works by perceiving a stream of binary data as being a train of individual text characters. 编解码器通过将二进制数据流视为一系列单独的文本字符来工作。 But the characters are not 8-bit but 6-bit. 但是字符不是8位而是6位。 The 64 text characters used are the usual AZ,a,z,0-9,+,/. 使用的64个文本字符是常规的AZ,a,z,0-9,+,/。 With A having the value 0 and / having the value 63. 其中A的值为0和/的值为63。

The http authentication header usually has this basic authentication format: http身份验证标头通常具有以下基本身份验证格式:

Authorization: Basic base64-encoded-username-password 授权:基本的base64编码的用户名密码

Where base64-encoded-username-password has the layout username:password passed thro the base64 encoder (which is a Java util class, btw). 其中base64-encoded-username-password具有通过base64编码器(这是Java util类,btw)传递的布局username:password。

http://en.wikipedia.org/wiki/HTTP_header . http://en.wikipedia.org/wiki/HTTP_header

http://en.wikipedia.org/wiki/Base_64 . http://en.wikipedia.org/wiki/Base_64

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何获取 EditText 和 RadioButton 的值并通过 HTTP Post 发送它 - How to get values of EditText And RadioButton and send it via HTTP Post 安全地存储用户名和密码 - Storing usernames and passwords securely 如何安全地处理Java Servlet过滤器中的密码? - How do I securely handle passwords in a Java Servlet Filter? 如何在AutoCompleteField中获取选定的文本,然后通过邮政将其发送到服务器 - How can I get the selected text in AutoCompleteField and send it to a server via post 如何将应用程序数据安全地发送到收件人/服务器 - How to send app data securely to a recipient/server 如何通过socket.io发送带有参数的POST/GET或在Android中通过socket.io调用feathersjs服务? - How can to send POST/GET with params via socket.io or call a feathersjs service via socket.io in Android? 获取移动设备的 IMEI 并通过 POST 将其发送到 php 文件 - Get IMEI of a mobile device and send it via POST to a php file 有没有办法在没有外部库的情况下通过NetBeans发送GET和POST请求? - Is there a way to send GET and POST requests via NetBeans without an external library? 如何在操作系统“默认”密钥库中安全地存储密码? - How can I store passwords securely in Operating Systems “default” Key-Store? 在Java中安全存储密码的最佳做法是什么? - What is the best practice for securely storing passwords in Java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM