通过 HTTPS 的纯文本密码 [英] Plain text password over HTTPS

问题描述

我目前正在开发一个 PHP OpenID 提供程序，它将通过 HTTPS(因此 SSL 加密)工作.
我以纯文本形式传输密码是否错误?HTTPS 理论上是无法拦截的，所以我看不出有什么问题.或者这在某种程度上是不安全的，而我没有看到这一点?

I'm currently working on a PHP OpenID provider that will work over HTTPS (hence SSL encrypted).
Is it wrong for me to transmit the password as plain text? HTTPS in theory, cannot be intercepted, so I don't see anything wrong. Or is this unsafe at some level and I'm failing to see this?

推荐答案

它是安全的.这就是整个网络的运作方式.表单中的所有密码始终以纯文本形式发送，因此需要 HTTPS 来保护它.

It is safe. That's how the entire web works. All passwords in forms are always sent in plain text, so its up to HTTPS to secure it.

这篇关于通过 HTTPS 的纯文本密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！