堆栈内存溢出
  简体   繁体   English

如何使GET Web服务更安全

[英]How to make GET web service more secure

 原文  2012-11-02 05:18:11       php/ android/ web-services

问题描述

I have created web service for android in PHP that uses GET method. 我已经在使用GET方法的PHP中为Android创建了Web服务。 Now I want to convert it to POST, to make it more secure. 现在,我想将其转换为POST,以使其更加安全。 How to convert the application from GET to POST? 如何将应用程序从GET转换为POST? Is there any other way to make it more secure? 还有其他方法可以使其更安全吗?

1 个解决方案

解决方案1
 4 已采纳  2012-11-02 06:08:49

The answer depends on who you want to secure it from. 答案取决于您想从谁那里获得保护。 Assuming that you want to protect from network sniffers, SSL is your best option. 假设您想免受网络嗅探器的攻击,SSL是您的最佳选择。

POST is the weakest form of "security" you could suggest. POST是您可能建议的最弱的“安全性”形式。 All it does it prevent the parameters being visible in a browser's cache history (which doesn't affect you at all in this case) and make it a fraction harder to sniff the parameters over the network (which does affect you). 它所做的所有事情都会阻止参数在浏览器的缓存历史记录中可见(在这种情况下完全不会影响您),并使通过网络嗅探参数变得更加困难(这确实会影响您)。 So there's minor benefit (yes, it's worth it), but it's not secure at all. 因此,这是次要的好处(是的,这是值得的),但这一点都不安全。

The simplest solution is to POST using SSL. 最简单的解决方案是使用SSL进行POST。 In other words, as opposed to posting to " http://example.com " you should post to " https://example.com " with a valid certificate on the server. 换句话说,与发布到“ http://example.com ”相反,您应该使用服务器上的有效证书发布到“ https://example.com ”。 That will encrypt the traffic between device and server. 这将加密设备和服务器之间的流量。 Google for suggestions, or start Secure HTTP Post in Android Google以寻求建议,或在Android中启动Secure HTTP Post

Failing that, you could encrypt the data yourself and then send the encrypted query openly as only your server can decrypt it. 失败的话,您可以自己加密数据,然后公开发送加密的查询,因为只有您的服务器才能解密它。 A little bit of Googling will give you code on how to encrypt in one and decrypt in the other securely - but as a small warning, getting it to work can be frustrating as it won't work until it suddenly does... there's not much debugging you can do when it doesn't work! 一点点谷歌搜索将为您提供有关如何在一个中加密和在另一个中安全解密的代码-但作为一个小警告,使其正常工作可能会令人沮丧,因为直到突然间它才起作用...没有不起作用时可以进行大量调试!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何让$ _GET更安全。 - How do i make $_GET more secure.? 如何使用Codeigniter制作更安全的登录系统? - How to make more secure login system with codeigniter? 如何使此登录/重定向方法更安全 - How to make this login/redirect method more secure 如何让php网站更安全 - How to make php website more secure 如何使php更加统一 - How to make php more secure in unity 如何使文件和文件夹更安全? - How to make files and folders more secure? 如何使用zend制作更安全的后端和URL? - how to make more secure backend and urls with zend? 如何让$ _SESSION更安全? - How can I make $_SESSIONs more secure? 如何使我的代码更安全 - How to make my code more secure 我怎样才能让这更安全? - How can I make this more secure?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM