HTTPS (HTTP + SSL) 中的查询字符串参数是否安全? [英] Are querystring parameters secure in HTTPS (HTTP + SSL)?

问题描述

查询字符串参数在与请求一起发送时是否会在 HTTPS 中加密?

Do querystring parameters get encrypted in HTTPS when sent with a request?

推荐答案

是的.查询字符串也使用 SSL 加密.尽管如此，正如这篇文章 显示，将敏感信息放在 URL 中并不是一个好主意.例如:

Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn't a good idea to put sensitive information in the URL. For example:

URL 存储在 Web 服务器日志中 -通常是每个的整个 URL请求存储在服务器日志中.这意味着任何敏感数据URL(例如密码)正在以明文形式保存在服务器上

URLs are stored in web server logs - typically the whole URL of each request is stored in a server log. This means that any sensitive data in the URL (e.g. a password) is being saved in clear text on the server

这篇关于HTTPS (HTTP + SSL) 中的查询字符串参数是否安全?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！