加密json数据 [英] Encrypt json data
问题描述
如何加密从客户端到服务器来回传输的JSON数据?使用Firebug时,我可以看到所有数据(result.d
中的内容).我正在使用ASP.NET 3.5和C#.我们的管理员已将站点设置为使用https,但我仍然可以执行POST请求和数据.我想念什么?
How do I encrypt JSON data that is transferred back and forth from client to server? When I use firebug, I can see all the data (contents in result.d
). I'm using ASP.NET 3.5 and C#. Our admin has setup the site to use https but I can still the POST requests and the data. What am I missing?
谢谢!
推荐答案
HTTPS仍然是您的最佳选择-您只需要确保实际上正在使用HTTPS. Firebug可以为您做到这一点-如果您检查所使用的完整URL.
HTTPS is still your best option - you just need to ensure that HTTPS is, in fact, being used. Firebug can do this for you - if you inspect the full URL being used.
但是,Firebug在客户端上运行,因此可以看到加密前/解密后的数据. (只是因为您看到的是所有数据",并不意味着未通过网络"对其进行加密.)
However, Firebug is running on the client, so it is seeing the data before it is encrypted / after it is unencrypted. (Just because you're seeing "all the data" doesn't mean that it isn't being encrypted "over the wire".)
如果您需要真正验证/查看处于加密状态的数据,请使用 Wireshark 或提琴手.
If you need to really verify / see the data in its encrypted state, use something like Wireshark or Fiddler.
根据Greg的评论,此加密可防止网络上的其他用户查看您的数据-往返于服务器的数据.即,如果您在无线热点中,这将防止该热点中的其他用户或其他信誉不佳的网络运营商以明文形式截取您的数据.如果您试图阻止最终用户(使用Web浏览器的用户)查看数据,则不能.任何尝试都会导致设计缺陷™.
Extending upon Greg's comment, this encryption prevents other users on the network from viewing your data - both to and from the server. I.E., if you're at a wireless hotspot, this will prevent other users at the hotspot or other less-than-honorable network operators from intercepting your data in clear-text. If you're trying to prevent the end user (the user using the web browser) from viewing the data, you can't. Any attempts to do so will be defective-by-design™.
这篇关于加密json数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!