Make web service secure


Problem description

I have created a web service for Android in PHP using the GET method. I want to convert it to POST to make it secure. How do I convert the application from the GET to the POST method? Is there any other way to secure it?

Recommended answer

The answer depends on who you want to secure it from. Assuming that you want to protect from network sniffers, SSL is your best option.

POST is the weakest form of "security" you could suggest. All it does is prevent the parameters being visible in a browser's cache history (which doesn't affect you at all in this case) and make it a fraction harder to sniff the parameters over the network (which does affect you). So there's minor benefit (yes, it's worth it), but it's not secure at all.

The simplest solution is to POST using SSL. In other words, as opposed to posting to "http://example.com" you should post to "https://example.com" with a valid certificate on the server. That will encrypt the traffic between device and server. Google for suggestions, or start Secure HTTP Post in Android

Failing that, you could encrypt the data yourself and then send the encrypted query openly as only your server can decrypt it. A little bit of Googling will give you code on how to encrypt in one and decrypt in the other securely - but as a small warning, getting it to work can be frustrating as it won't work until it suddenly does... there's not much debugging you can do when it doesn't work!
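
An added example, not part of the original answer: a PHP endpoint that accepts only POST over HTTPS, as the answer recommends. The parameter name `device_id` is hypothetical, and the HTTPS check assumes TLS terminates on the PHP server itself rather than on a reverse proxy.

```php
<?php
// Added example: hypothetical endpoint; "device_id" is an assumed parameter name.

/**
 * Returns null when the request may be processed,
 * or [status, message] when it must be refused.
 */
function reject_reason(array $server): ?array
{
    // $_SERVER['HTTPS'] is non-empty under TLS; IIS sets it to "off" for plain HTTP.
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    if (!$https) {
        // Refuse rather than redirect, so a client that still posts to
        // http:// fails visibly instead of silently sending data in cleartext.
        return [403, 'HTTPS required'];
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST required'];
    }
    return null;
}

header('Content-Type: application/json');
$reason = reject_reason($_SERVER);
if ($reason !== null) {
    [$status, $message] = $reason;
    if ($status === 405) {
        header('Allow: POST');
    }
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

// Read parameters from the request body only ($_POST is filled for
// form-encoded bodies); $_GET and $_REQUEST are never consulted, so a
// value supplied in the URL is ignored.
$deviceId = $_POST['device_id'] ?? null;
if (!is_string($deviceId) || $deviceId === '') {
    http_response_code(400);
    echo json_encode(['error' => 'device_id missing']);
    exit;
}

echo json_encode(['ok' => true]);
```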
