How to send securely passwords via GET/POST?
I want to send an HTTPS request in Java and send a password in GET or POST data. Is it secure? Can I just put the password in a POST/GET field as plain text, and will that be secured when I use https? Or should I do something more?
Always send a password using POST. HTTPS will ensure it is encrypted whilst being sent.
The usual practice is to send your authentication username+password as the Base64 encoded Authorization header.
Base64 encoding is not encryption. You still have to ensure it goes through SSL/https.
Base64 codec is a means to ensure that endianness and other idiosyncrasies of routers, switches, and other network intermediaries do not transform the password or any binary data to be transported through the cloud of networks.
The codec works by perceiving a stream of binary data as being a train of individual text characters. But the characters are not 8-bit but 6-bit. The 64 text characters used are the usual A-Z, a-z, 0-9, +, /. With A having the value 0 and / having the value 63.
The http authentication header usually has this basic authentication format:
Authorization: Basic base64-encoded-username-password
Where base64-encoded-username-password has the layout username:password passed through the base64 encoder (which is a Java util class, btw).
http://en.wikipedia.org/wiki/HTTP_header
http://en.wikipedia.org/wiki/Base_64
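The header layout described in the answers above, as an added example that is not part of the original posts: it builds the Basic Authorization header with java.util.Base64, refuses to attach it to a non-https URL, and decodes it again to show that the encoding is reversible. It assumes Java 11 or later (java.net.http); the class and method names, the host api.example.test and the credentials are constructed for illustration, and no request is actually sent.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthOverHttps {

    // Build "Basic <base64(username:password)>", the layout described in the answer.
    static String basicAuthHeader(String username, char[] password) {
        if (username.indexOf(':') >= 0) {
            // The first ':' separates user from password, so a colon here is ambiguous.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        String pair = username + ":" + new String(password);
        return "Basic " + Base64.getEncoder().encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Refuse to attach credentials to anything other than an https:// URL.
    static HttpRequest authenticatedPost(String url, String username, char[] password) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("credentials may only be sent over https: " + uri);
        }
        return HttpRequest.newBuilder(uri)
                .header("Authorization", basicAuthHeader(username, password))
                .POST(HttpRequest.BodyPublishers.noBody())
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample values; the host is a placeholder and nothing is sent.
        char[] password = "correct horse".toCharArray();
        HttpRequest req = authenticatedPost("https://api.example.test/login", "alice", password);
        String header = req.headers().firstValue("Authorization").orElseThrow();
        System.out.println("Authorization: " + header);

        // Anyone who sees the header can reverse it: Base64 is an encoding, not encryption.
        String token = header.substring("Basic ".length());
        System.out.println("decoded: " + new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8));

        try {
            authenticatedPost("http://api.example.test/login", "alice", password);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```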
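Statement: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.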