如果您使用 HTTPS，您的 URL 参数会不会被嗅探? [英] If you use HTTPS will your URL params will be safe from sniffing?

问题描述

假设我设置了一个简单的 php Web 服务器，其中包含一个可以通过 HTTPS 访问的页面.该 URL 具有简单的参数，例如 https://www.example.com/test?abc=123.

Suppose I setup a simple php web server with a page that can be accessed by HTTPS. The URL has simple parameters, like https://www.example.com/test?abc=123.

在这种情况下，这里的参数对人们嗅探数据包是安全的吗?如果服务器不使用任何 SSL 证书，这会是真的吗?

Is it true that the parameter here in this case will be safe from people sniffing the packets? And would this be true if the server does not employ any SSL certificate?

推荐答案

是的，您的 URL 不会被嗅探；然而，一个容易被忽视的漏洞是，如果您的页面引用了任何第三方资源，例如 Google Analytics、添加任何内容，您的整个 URL 将通过引用发送给第三方.如果它真的很敏感，它就不属于查询字符串.

Yes your URL would be safe from sniffing; however, one hole that is easily overlooken is if your page references any third party resources such as Google Analytics, Add Content anything, your entire URL will be sent to the third party in the referer. If its really sensitive it doesn't belong in the query string.

至于问题的第二部分，如果服务器上没有证书，则无法使用 SSL.

As for your second part of the question, you can't use SSL if you don't have a certificate on the server.

这篇关于如果您使用 HTTPS，您的 URL 参数会不会被嗅探?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！