stackoom
  简体   繁体   中英

HTTPS - iPhone to API - Is URL secure?

 原文  2011-03-02 21:53:22       .net/ iphone/ asp.net-mvc/ https

Question

I understood that when securing your site through HTTPS, the URL including the query string is encrypted and only sent once connection is made to the host so this url isnt available to eaves droppers.

However, someone has told us that this is not the case, at least in the case of iPhone to .Net (MVC) API connection and he recommended adding this sensitive information to the HTTP header.

So, can we rely on the query string being encrypted or is it best to change how we're working and add it to the header as suggested?

1 answers

solution1
 1 ACCPTED  2011-03-02 21:59:48

Any HTTPS connection works the same way:

  1. Client connects to port 443 (usually, can be a different port if specified in URL) on the server, establishes a TLS session
  2. Inside the TLS session, do HTTP: send command ("GET"), query string, HTTP Headers, and get a response

The only thing that's unencrypted is a DNS lookup of the hostname of the server, and then the connection to the server's IP address. Everything else is secure.

NOTE: this assumes you don't have a proxy doing stupid stuff in the middle.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I use WebClient.DownloadString from a secure URL (https)? Is it possible to do secure sockets (not https) with silverlight 2/3? read XML from URL and secure it How to secure an API written in .Net How to secure .NET API with Azure Web API not responding for HTTPS Easy way to login to a web site over secure connection (SSL, https)? secure MY rest services which are consumed in MY Android and iPhone App How do I secure a .NET Web Service for use by an iPhone application? Allow https Web Api connections
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM