Python.requests 安全吗? [英] Are Python.requests safe?

问题描述

我即将使用 Python.requests 从我自己的在线 api 获取数据到我的本地电脑.我的 api 需要身份验证，现在只需发布用户/通行证即可完成:

I'm about to use Python.requests to get data from my own online api to my local pc. My api requires authentication which for now is done trough simply posting user/pass:

params = {'user': 'username', 'pass':'password'}

requests.post(url, params=params)

这个 requests 安全还是允许中间人捕获该用户/密码?

Are this requests safe or is it going to allow a middle-man to capture that user/pass?

P.S 我的 api 使用的是letsencrypt ssl 证书.Python 版本 3.7.0

P.S My api is using a letsencrypt ssl certificate. Python version 3.7.0

推荐答案

这与 python-requests 包无关，而是与 HTTP(和 HTTPS)协议有关.HTTP 是纯文本的，因此任何设法嗅探您的数据包的人都可以读取内容(因此用户名/密码对是明文).HTTPS 使用强加密，因此即使有人嗅探您的流量也很难破译它——当然，没有任何加密方案是 100% 安全的，但即使对 NSA 来说，目前解密 SSL 流量的成本也太高了.

this has nothing to do with the python-requests package, but with the HTTP (and HTTPS) protocols. HTTP is plain-text so anyone that manages to sniff your packets can read the content (hence the username/password pair in clear text). HTTPS uses strong encryption, so even someone sniffing your traffic will have a hard-time deciphering it - no encryption scheme is 100% safe of course but decrypting SSL traffic is currently way too costly even for the NSA.

IOW，使您的请求安全"的是使用 HTTPS 协议，而不是您用来编写客户端代码的 python(或不是 python)包.

IOW, what will make your requests "safe" is the use of the HTTPS protocol, not which python (or not python) package you use to write your client code.

这篇关于Python.requests 安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！