Python.requests安全吗? [英] Are Python.requests safe?

问题描述

我将要使用 Python.requests 从我自己的在线 api 到本地PC的数据.我的api需要身份验证，目前仅通过发布用户/密码即可完成身份验证:

I'm about to use Python.requests to get data from my own online api to my local pc. My api requires authentication which for now is done trough simply posting user/pass:

params = {'user': 'username', 'pass':'password'}

requests.post(url, params=params)

此请求是否安全?还是允许中间人捕获该用户/通行证?

Are this requests safe or is it going to allow a middle-man to capture that user/pass?

P.S我的api正在使用letsencrypt ssl证书.Python版本 3.7.0

P.S My api is using a letsencrypt ssl certificate. Python version 3.7.0

推荐答案

这与 python-requests 包无关，但与HTTP(和HTTPS)协议无关.HTTP是纯文本格式，因此任何能够嗅探您的数据包的人都可以读取内容(因此，明文形式的用户名/密码对).HTTPS使用了强大的加密功能，因此即使有人嗅探您的流量，也很难对其进行解密-当然，没有一种加密方案是100％安全的，但是即使对于NSA而言，解密SSL流量目前也过于昂贵.

this has nothing to do with the python-requests package, but with the HTTP (and HTTPS) protocols. HTTP is plain-text so anyone that manages to sniff your packets can read the content (hence the username/password pair in clear text). HTTPS uses strong encryption, so even someone sniffing your traffic will have a hard-time deciphering it - no encryption scheme is 100% safe of course but decrypting SSL traffic is currently way too costly even for the NSA.

IOW，使您的请求安全"的是HTTPS协议的使用，而不是您用来编写客户端代码的python(或非python)包.

IOW, what will make your requests "safe" is the use of the HTTPS protocol, not which python (or not python) package you use to write your client code.

这篇关于Python.requests安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！