对安全域执行POST操作是否始终安全 [英] Is a POST action to a secure domain always secure

问题描述

是具有以下操作标记的常规域( http ://www.domainname.com/form.php)上的表单:

<form action="https://www.domainname.com/mail.php" method="POST">

真的安全吗?

解决方案

否.

可以在向用户(中级攻击者)的途中截获表单，并修改页面，以便将数据提交到其他位置(可能使用JavaScript，因此很难发现数据被盗). /p>

对HTTPS站点的请求将是安全的，但不能及时避免数据被拦截.

此外，包含表单的页面也不会被标记为安全的，不会被用户非法信任.

Is a form on a regular domain (http://www.domainname.com/form.php) with the following action tag:

<form action="https://www.domainname.com/mail.php" method="POST">

indeed secure?

解决方案

No.

The form can be intercepted on its way to the user (a man in the middle attack) and the page modified so that the data will be submitted somewhere else (possibly with JavaScript so the data theft is harder to spot).

The request to the HTTPS site will be secure, but not in time to avoid the data being intercepted.

Also, the page containing the form will not be marked as secure, which will not illicit trust from the user.

这篇关于对安全域执行POST操作是否始终安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！