使用HTTP而非HTTPS发送登录凭据安全吗?
[英]Safe to send login credentials using HTTP and not HTTPS?
问题描述
提交包含纯文本用户名和密码的HTTP POST是否安全,还是完全需要HTTPS?
3 个解决方案
解决方案1
2 已采纳 2012-03-19 05:13:10
HTTPS is required. 
需要HTTPS。 All HTTP traffic can be sniffed. 可以嗅探所有HTTP通信。
解决方案2
1 2012-03-19 06:33:20
No, HTTP alone does not give you any security at all. 不,仅HTTP根本无法提供任何安全性。 If someone is able to read the network traffic, they would be able to read the credentials too. 如果某人能够读取网络流量,那么他们也将能够读取凭据。
The network traffic might also be protected separately, but you can't control the network. 网络流量也可能会受到单独保护,但是您无法控制网络。 But you can control your application. 但是您可以控制您的应用程序。 So HTTPS ist a must. 因此,HTTPS必不可少。
解决方案3
0 2012-03-19 06:56:58
It's never safe to send an unencrypted, plaintext username and password over a wire others have access to. 通过其他人可以访问的网络发送未加密的纯文本用户名和密码永远都不安全。
While it's safe to send encrypted data over HTTP, HTTPS does this for you, giving you the added benefit of TLS . 通过HTTP发送加密的数据是安全的,但HTTPS可以为您做到这一点,为您提供了TLS的更多好处。 Given how well it stands up theoretically and in practice, it's far more compelling to use than inventing your own algorithm. 考虑到它在理论上和实践中的良好表现,使用它比发明自己的算法更具吸引力。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.