How to make GET web service more secure


Question

I have created a web service for Android in PHP that uses the GET method. Now I want to convert it to POST to make it more secure. How do I convert the application from GET to POST? Is there any other way to make it more secure?

Recommended answer

The answer depends on who you want to secure it from. Assuming that you want to protect from network sniffers, SSL is your best option.

POST is the weakest form of "security" you could suggest. All it does is prevent the parameters being visible in a browser's cache history (which doesn't affect you at all in this case) and make it a fraction harder to sniff the parameters over the network (which does affect you). So there's minor benefit (yes, it's worth it), but it's not secure at all.

The simplest solution is to POST using SSL. In other words, as opposed to posting to "http://example.com" you should post to "https://example.com" with a valid certificate on the server. That will encrypt the traffic between device and server. Google for suggestions, or start Secure HTTP Post in Android

Failing that, you could encrypt the data yourself and then send the encrypted query openly as only your server can decrypt it. A little bit of Googling will give you code on how to encrypt in one and decrypt in the other securely - but as a small warning, getting it to work can be frustrating as it won't work until it suddenly does... there's not much debugging you can do when it doesn't work!
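
The server side of the GET-to-POST-over-HTTPS change described in the answer, as an added example that is not part of the original answer. The parameter names `user` and `token` are hypothetical, and it assumes TLS terminates at the web server running PHP so that `$_SERVER['HTTPS']` is set.

```php
<?php
// Added example, not from the original answer.
// Parameter names "user" and "token" are hypothetical.
declare(strict_types=1);

/**
 * Decide whether a request may be processed.
 * Returns [status, message]; status 200 means "go ahead".
 */
function check_request(array $server, array $query): array
{
    // PHP sets HTTPS to a non-empty value other than "off"
    // when the request arrived over SSL/TLS.
    $https = (string)($server['HTTPS'] ?? '');
    if ($https === '' || strtolower($https) === 'off') {
        return [403, 'HTTPS required'];
    }
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST required'];
    }
    // An old client build may still put parameters in the URL, where
    // they are written to web server access logs. Refuse instead of
    // silently accepting them.
    foreach (['user', 'token'] as $name) {
        if (array_key_exists($name, $query)) {
            return [400, "Send '$name' in the POST body, not the URL"];
        }
    }
    return [200, 'ok'];
}

[$status, $message] = check_request($_SERVER, $_GET);
http_response_code($status);
header('Content-Type: application/json');
if ($status === 405) {
    header('Allow: POST');
}
if ($status !== 200) {
    echo json_encode(['error' => $message]);
    exit;
}

// Read from the body only ($_POST), never $_REQUEST, which would
// also accept the same names from the query string.
$user  = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
$token = is_string($_POST['token'] ?? null) ? $_POST['token'] : '';
echo json_encode(['user_present' => $user !== '', 'token_present' => $token !== '']);
```

On the Android side the matching change is to send the same parameters as a form-encoded body to the `https://` URL instead of appending them to the query string.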
