JavaScript 和 PHP 中的 Web 服务之间的安全通信 [英] Secure communication between JavaScript and a Web service in PHP
问题描述
我想为它制作一个网络服务(带有 post、get、delete - REST)和 2 个客户端.第一个客户端将使用 JavaScript,他需要与 Web 服务通信,第二个客户端是桌面应用程序.我正在互联网上寻找一种解决方案来确保通信安全,但我还没有找到.是否可以 ?我无法使用 SSL,因为这是一个家庭项目.
I want to make a web service ( with post,get,delete - REST ) and 2 clients for it. The first client will be on JavaScript and he will need to comunicate with the web service and the second client is a desktop application. I was searching the internet for a solution to make the communication secure but I haven't find one. Is it possible ? I can't use SSL because this is a home project.
另外,我不能使用 websockets.
Also, I can't use websockets.
推荐答案
这里有一些选项(虽然我想你已经在考虑这些了):
Here are some options (though I imagine you are already considering these):
正如 deceze 所说,您可以创建自签名证书.我已经做过好几次了.这是一个很好的操作方法/教程.如果您使用的是 Windows,那么 Farray 提到的问题 可能会有所帮助.
As deceze mentions, you can create a self-signed cert. I have done it several times. Here is a good how-to/tutorial. If you are in Windows, then the question that Farray mentioned might be helpful.
虽然很难正确执行,但您可以在传输数据之前对其进行加密,但这会给您的代码增加很多,尤其是因为您需要在服务服务器和两个不同的客户端上进行加密.使用 javascript 会特别困难(但可以做到,请参阅 Kevin Vaughan 对 这个问题).
Though difficult to do correctly, you can encrypt your data before transferring it, but this adds a lot to your code, especially since you need to do it at the service server AND two different clients. It will be especially difficult to do with javascript (but it CAN be done, see Kevin Vaughan's answer to this question).
这篇关于JavaScript 和 PHP 中的 Web 服务之间的安全通信的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
