将Access Token以明文形式放入请求标头中是否安全？ [英] Is it safe to put Access Token in plain text in the request header?

问题描述

我想知道通过http方案将访问令牌放入请求头的安全性。如果有人拦截令牌并使用它来访问Microsoft Translator API并代表我的帐户消耗大量字符（数据量），该怎么办？

I was wondering the safety to put Access Token in request header through http scheme. What if someone intercept the token and use it to access Microsoft Translator API and consumes large amount of characters(data volumes) on behalf of my account.

如何防止这种情况发生？

How can I prevent that from happening?

推荐答案

嗨乐趣，

不，不完全。令牌的设定到期时间为10分钟，以限制小偷可以使用被盗令牌造成的伤害。您应该制定验证您的应用程序的规定，这样您就不会将令牌交给冒名顶替者。

no, not completely. The token has a set expiration time of 10 minutes, in order to limit the damage a thief can do with a stolen token. You should put provisions in place that authenticate your app, so that you do not hand the token to an impostor.

所有翻译方法均可通过SSL访问。

All Translator methods are accessible via SSL.

Chris Wendt

Microsoft Translator

Chris Wendt
Microsoft Translator

这篇关于将Access Token以明文形式放入请求标头中是否安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！