How to send securely passwords via GET/POST?
Question
I want to send HTTPS request in Java and send password in GET or POST data. Is it secure? Can I just put password in POST/GET field as a plain text and that will be secured when I use https? Or should I do something more?
2 answers
solution1
6 2012-02-26 22:25:06
Always send a password using POST. https will ensure it is encrypted whilst being sent.
solution2
1 ACCPTED 2012-02-27 00:57:29
The usual practice is to send your authentication username+password as the Base64 encoded Authorization header.
Base64 encoding is not encryption. You still have to ensure it goes thro SSL/https.
Base64 codec is a means to ensure that endianess and other idiosyncrasies of routers, switches, and other network intermediaries do not transform the password or any binary data to be transported thro the cloud of networks.
The codec works by perceiving a stream of binary data as being a train of individual text characters. But the characters are not 8-bit but 6-bit. The 64 text characters used are the usual AZ,a,z,0-9,+,/. With A having the value 0 and / having the value 63.
The http authentication header usually has this basic authentication format:
Authorization: Basic base64-encoded-username-password
Where base64-encoded-username-password has the layout username:password passed thro the base64 encoder (which is a Java util class, btw).
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.