Python.requests安全吗? [英] Are Python.requests safe?
问题描述
我将要使用 Python.requests
从我自己的在线 api
到本地PC的数据.我的api需要身份验证,目前仅通过发布用户/密码即可完成身份验证:
I'm about to use Python.requests
to get data from my own online api
to my local pc. My api requires authentication which for now is done trough simply posting user/pass:
params = {'user': 'username', 'pass':'password'}
requests.post(url, params=params)
此请求
是否安全?还是允许中间人捕获该用户/通行证?
Are this requests
safe or is it going to allow a middle-man to capture that user/pass?
P.S我的api正在使用letsencrypt ssl证书.Python版本 3.7.0
P.S My api is using a letsencrypt ssl certificate. Python version 3.7.0
推荐答案
这与 python-requests
包无关,但与HTTP(和HTTPS)协议无关.HTTP是纯文本格式,因此任何能够嗅探您的数据包的人都可以读取内容(因此,明文形式的用户名/密码对).HTTPS使用了强大的加密功能,因此即使有人嗅探您的流量,也很难对其进行解密-当然,没有一种加密方案是100%安全的,但是即使对于NSA而言,解密SSL流量目前也过于昂贵.
this has nothing to do with the python-requests
package, but with the HTTP (and HTTPS) protocols. HTTP is plain-text so anyone that manages to sniff your packets can read the content (hence the username/password pair in clear text). HTTPS uses strong encryption, so even someone sniffing your traffic will have a hard-time deciphering it - no encryption scheme is 100% safe of course but decrypting SSL traffic is currently way too costly even for the NSA.
IOW,使您的请求安全"的是HTTPS协议的使用,而不是您用来编写客户端代码的python(或非python)包.
IOW, what will make your requests "safe" is the use of the HTTPS protocol, not which python (or not python) package you use to write your client code.
这篇关于Python.requests安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!