通过 https 发送敏感数据的安全性如何? [英] How secure is sending sensitive data over https?

问题描述

在查询字符串中使用敏感数据(如密码)时，SSL 是否足够安全?是否有任何额外的选项可以实施?

Is SSL secure enough for using sensitive data (like password) in query string? Is there any extra options to implement?

推荐答案

SSL 提供安全的传输级安全性.客户端和服务器之间应该没有人能够读取信息.

SSL provides secure, transport-level security. Nobody between client and server should be able to read the information.

但是您应该改变在查询字符串中写入敏感数据的想法.它将显示在浏览器的历史记录中，并在浏览器的地址栏中和服务器上的日志中可见.请参阅这篇文章:查询的安全性HTTPS 上的字符串?

But you should change your mind about writing sensitive data in the querystring. It will show up in the browser's history and is visible in the address bar of the browser and in logs on the server. See this article: How Secure Are Query Strings Over HTTPS?

如果使用查询字符串是您唯一的选择(我对此表示怀疑)，这里有一篇有趣的文章 关于保护查询字符串.

If using query strings is your only option (I doubt it), here is an interesting article about securing query strings.

这篇关于通过 https 发送敏感数据的安全性如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！