Does HTTPS prevent a valid user from tampering with the payload?


Question

We have 2 web applications, both secured using HTTPS (server-side certificates only) and a single sign-on authentication system. In App1, a user will click a link which then needs to "drill down" into a page in App2. They share the same domain and SSL certificate, but are physically not the same app. When App1 forwards or redirects the request to App2, it includes an authentication token in the request so App2 can verify the user’s identity.

App1 knows what information the user is authorized to see, call it a list of accounts; App2 does not have access to this information (at least not at this time). It has been proposed that App1 may pass the list of authorized accounts to App2 as well, in the request.

My question is whether HTTPS protects the payload and guarantees that it was generated only by the App1/App2 servers? More specifically, my concern is whether a valid user, with a valid authentication token, might be able to build his own form with additional accounts and submit it as a valid HTTPS POST request to the App2 server and thereby gain access to unauthorized accounts?

Answer

No, HTTPS alone does not provide you with the security you're looking for. For an indication of how others have tackled the problem you're facing, take a look at this link:

SSO using SAML

It is about accomplishing SSO with the SAML protocol. In general if security is a serious concern of yours, you'll want to use a peer-reviewed solution (like SAML) instead of a DIY approach to single sign-on. You don't need to use SAML, but you should try to use an existing SSO solution available for your environment.

In order to "guarantee it was generated by the App1/App2 servers" -- you could digitally sign the payload. This would prevent tampering but may not prevent replay attacks -- SSL would help some with that, as the transmission would be encrypted, but replay attacks would still be possible (perhaps via a man-in-the-middle attack).
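As an added illustration of the answer's two points (not code from the original post or from either application), here is a minimal hand-off token that App1 could issue and App2 could verify. It uses an HMAC over a key shared by the two servers rather than a public-key signature, and the MAC covers the user, the account list, an expiry and a one-time nonce, so an edited account list fails verification and a re-submitted token is refused. The shared key, field names and token lifetime are assumptions for the example.

```python
import base64, binascii, hashlib, hmac, json, secrets, time

# Assumed: a secret shared out-of-band by App1 and App2 (constructed value for the demo).
SHARED_KEY = b"constructed-demo-secret-replace-in-production"
TOKEN_TTL_SECONDS = 300  # assumed lifetime of a hand-off token

def _canonical(claims):
    # Deterministic encoding so both sides MAC exactly the same bytes.
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def issue_token(user, accounts, now=None):
    """App1 side: MAC the user id, authorized accounts, expiry and a one-time nonce."""
    now = time.time() if now is None else now
    claims = {"user": user, "accounts": sorted(accounts),
              "exp": int(now) + TOKEN_TTL_SECONDS, "nonce": secrets.token_hex(8)}
    body = _canonical(claims)
    tag = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_token(token, seen_nonces, now=None):
    """App2 side: return the claims only if the MAC, expiry and nonce all check out."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None  # malformed token
    expected = hmac.new(SHARED_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        return None  # body was edited, or was not produced with the shared key
    claims = json.loads(body)  # bytes are authentic, so parse only now
    now = time.time() if now is None else now
    if claims["exp"] < now:
        return None  # stale token
    if claims["nonce"] in seen_nonces:
        return None  # replay of a token App2 already accepted
    seen_nonces.add(claims["nonce"])
    return claims

def edit_account_list(token, accounts):
    """Model the scenario in the question: the user rewrites the account list in
    their own form but cannot recompute the MAC. Used only to show App2 rejecting it."""
    body_b64, tag_b64 = token.split(".")
    claims = json.loads(base64.urlsafe_b64decode(body_b64))
    claims["accounts"] = accounts
    return _b64(_canonical(claims)) + "." + tag_b64
```

The `seen_nonces` set stands in for a store shared by all App2 instances; with a single in-process set, a replay against a different instance would not be caught.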
