从 HTTP 表单提交到 HTTPS 是否安全? [英] Is it secure to submit from a HTTP form to HTTPS?
问题描述
是否可以通过 https 从 http 表单提交?看起来它应该是安全的,但它允许中间人攻击(这里有一个很好的讨论).有像 mint.com 这样的网站,它们允许您从 http 页面登录,但会发送 https 帖子.在我的网站中,请求是有一个 http 登录页面,但能够安全登录.是否不值得冒可能的安全风险,我是否应该让所有用户都转到安全页面进行登录(或确保登录页面安全)?
Is it acceptable to submit from an http form through https? It seems like it should be secure, but it allows for a man in the middle attack (here is a good discussion). There are sites like mint.com that allow you to sign-in from an http page but does an https post. In my site, the request is to have an http landing page but be able to login securely. Is it not worth the possible security risk and should I just make all users go to a secure page to login (or make the landing page secure)?
推荐答案
是否有任何理由不在整个交易中使用 HTTPS?如果你找不到很好的,就用它!
Is there any reason not to use HTTPS for the entire transaction? If you can't find a very good one, use it!
可以说这比切换协议更简单.
It's arguably simpler than switching protocols.
中间人风险是真实存在的.
The MITM risk is real.
点击您的链接后,用户Helios"提出了一个很好的观点,即使用 100% HTTPS 不会让用户感到困惑.
Following your link, the user "Helios" makes an excellent point that using 100% HTTPS is far less confusing to the user.
这篇关于从 HTTP 表单提交到 HTTPS 是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
