是否应该保护带有登录表单的网页? [英] Should a web page with a login form be secured?

问题描述

标题中有问题，但我会详细说明.

Question in title, but I'll elaborate.

假设我在非安全页面上有一个表单，但我不希望用户发布到我的 Web 服务器的数据对任何可能拦截它的人都有意义.我需要安全地提供表单还是只是将表单发布到一个安全的 URL?

Say I have a form on a non-secure page, but I don't want the data that the user is posting to my web server to make sense to anyone who might intercept it. Do I need to serve the form securely or simply post the form to a secure URL?

推荐答案

通过提供不安全的表单，您允许中间人更改表单的 POST 目标，从而让攻击者获取登录信息.但是 MITM 攻击并不常见，因此您可以提供不安全的表单.

By serving the form unsecured, you allow a man-in-the-middle to alter your form's POST destination, letting an attacker harvest login information. But MITM attacks are not common, so you're probably fine serving the form unsecured.

这篇关于是否应该保护带有登录表单的网页?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！