REST请求标头是否由SSL加密？ [英] Are REST request headers encrypted by SSL?

问题描述

我正在开发一个客户端/服务器应用程序，它将通过休息进行通信。一些自定义请求数据将存储在请求的标头中。发送请求的服务器和接收服务器都有SSL证书 - 标头是加密的还是内容？

I'm developing a client/server app that will communicate via rest. Some custom request data will be stored in the header of the request. Both the server sending the request and the receiving server have an SSL certificate - will the headers be encrypted, or just the content?

推荐答案

SSL加密从客户端到服务器的整个通信路径，然后返回，是的 - 标头将被加密。

SSL encrypts the entire communications path from the client to the server and back, so yes - the headers will be encrypted.

顺便说一句，如果你开发网络应用程序和关心数据安全性，你应该做的最少的事情就是阅读像Niels Ferguson和Bruce Schneier这样的实用密码学这本书，并且可能进一步阅读更多关注Web应用程序安全性的书将是一个好主意。如果我可以做一个观察 - 并且请，我并不是说这是个人的批评 - 你的问题表明基本上缺乏对非常基本的网络安全技术的理解，这绝不是一个好兆头。

By the way, if you develop networked applications and care about data security, the least you should do is read a book like Practical Cryptography, by Niels Ferguson and Bruce Schneier, and probably further reading that's more focused on web application security would be a good idea. If I may make an observation - and please, I don't mean that as a personal criticism - your question indicates a fundamental lack of understanding of very basic web security technologies, and that's never a good sign.

此外，确认假定加密的数据确实是加密的，这绝不是一个坏主意。您可以使用网络分析仪监控线路上的流量，并注意明确发送的任何敏感信息。我之前使用过Wireshark来做这件事 - 结果有时令人惊讶。

Also, it's never a bad idea to confirm that data which is assumed to be encrypted is indeed encrypted. You can use a network analyzer to monitor traffic on the wire and watch out for anything sensitive being sent in the clear. I've used Wireshark to do this before - the results can be surprising, sometimes.

这篇关于REST请求标头是否由SSL加密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！