可以嗅探一个人的求职数据吗? [英] Can one's post request data be sniffed?
问题描述
很抱歉,我对此并不陌生,并假设我会混淆一些术语.
I apologize, I am new to this and assume that I will mix some terms up.
我正在尝试设置Google clientLogin,并且担心在POST请求中发送我的私人信息.
I am trying to setup Google clientLogin and I am worried about sending my private information in the POST request.
根据我正在阅读的内容,您必须向其指定的网址创建发布请求( https://www.google.com/accounts/ClientLogin )并发布以下数据:
From what I am reading, you have to create a post request to the URL they specify (https://www.google.com/accounts/ClientLogin) and POST the following data:
Email=<username>&Passwd=<password>&service=youtube&source=<source>
但是,如果此请求只是通过网络进行的,有人能不能只是嗅探这些请求并获取您的登录信息?
But if this request is just going over the wire, can't someone just sniff these requests and get your login information?
因为它是https,是否已加密? 我只需要为http担心吗?
Is it encrypted because it is https? Would I only have to worry about this with http?
老实说,我对所有这些事情感到很困惑,如果除了我的问题的答案之外,有人可以为我提供有关如何将Google Maps与私有Fusion表结合使用的好指南,我会以积极的方式向您发送积极的想法!
推荐答案
- HTTP请求以纯文本形式通过网络传输-因此可以轻松地进行嗅探.
- HTTPS是通过安全套接字层(SSL)发出的HTTP请求,它在客户端和服务器之间提供数据加密,标识服务器,并(可选)标识客户端.
因此,尽管可以嗅探加密的数据,但在传输过程中可以将它们视为安全的-换句话说,攻击者将看不到明文.
So, although it's possible to sniff the encrypted data, they can be considered secure while in transit - in other words, an attacker would not see the plaintext.
对HTTPS的攻击多种多样,但最常见的攻击很容易检测到,例如如果您在以前正常工作的HTTPS站点上收到证书错误,则可能表示尝试了攻击.有关其他内容,请查看在security.stackexchange.com上标记为SSL的问题
There are various attacks on HTTPS, but the most common are easily detectable, e.g. if you get a certificate error on a HTTPS site that used to work normally, this may be a sign of an attempted attack. For additional reading, see the questions tagged SSL on security.stackexchange.com
长话短说:通过HTTPS进行POST比通过HTTP进行安全得多. (您仍然需要在客户端和服务器端仔细处理数据,HTTPS是 transport 保护)
Long story short: POST over HTTPS is much more secure than over HTTP. (You still need to handle the data carefully on client- and server-side, HTTPS is a transport protection)
这篇关于可以嗅探一个人的求职数据吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
