HTTP安全 [英] http security

问题描述

我有一个简短的问题，希望这里的人会知道.

我的工作电子邮件使用Oracle Server.我们的其中一台服务器当前已关闭，我注意到由于未通过登录请求，因此登录信息实际上是通过地址传递的……如:

mail.something.com/login.msc?user=something&password=myPassword

这是一个https网站，但这是否意味着该地址以加密形式通过Internet传递?还是截获该HTTP请求的任何人都能看到登录名和密码信息?

I have a quick question that I hope someone on here would know about.

My work email uses Oracle Server. One of our servers is currently down and I noticed that because the login request did not go through that the login information is actually passed through the address...as in:

mail.something.com/login.msc?user=something&password=myPassword

This is an https site, but does that mean that the address is passed through the internet in an encrypted form? Or could anyone that intercepts that http request see the login and password information?

推荐答案

HTTPS连接上的URL查询中包含的数据已加密.我在此处 [ ^ ].

此外，GET或POST的请求类型略有不同. 此 [ ^ ]博客文章对此进行了解释，请看一下.

因此，带有HTTPS的POST应该是一个不错的选择.

The data contained in the URL query on an HTTPS connection is encrypted. I find the a good explaination given by ''sycophant-ga'' here[^].

Further, there is a slight difference in kind of request it is... GET or POST. This[^] blog article explains on it, have a look.

So a POST with HTTPS should be a good option.

这篇关于HTTP安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！