通过邮政安全发送密码? [英] password sent via post secure?

问题描述

可能重复:
HTTP POST 的安全性如何?

假设我在 php 中有一个登录页面，用户需要输入他的姓名和密码.form method 在这种情况下是 post.

Suppose I have a login page in php where a user is required to enter his name and password. form method is post in this case.

现在有人(我的朋友)告诉我，输入并发送到服务器的信息(用户名和密码)可以通过获取生成的结果页面的标题来被黑客入侵.因此，您应该加密标头，这就是使用 HTTPS 的原因.

Now someone(my friend) told me that the information(username and password) that is entered and sent to the server can be hacked just by fetching the header of the resulting page generated. So you should encrypt the header and that is why HTTPS is used.

这对我来说没有意义，因为我认为通过 post 方法发送的信息(用户名和密码)是完全安全的，并且仅通过头部黑客攻击就无法访问用户名和密码.

This didn't make sense to me because I thought the information (username and password) sent via post method are completely secure and just by header hacking one cannot have access to to the username and password.

我的朋友说得对吗?如果没有，有没有办法为无法访问代码的人做这些事情?如何通过 HTTPS 发送我的私人信息(页面以 php 编码)?

Is my friend correct? If no is there any way to do such stuff for someone who has no access to the code? How can I send my private information via HTTPS (page to be coded in php)?

通过 get 方法的数据是通过 header 发送的.对?通过 post 的数据是否也通过标头发送?

Data through get method is sent via header. Right? Is data through post also sent via header?

推荐答案

不使用 SSL，通过 POST 发送的数据等价于通过 GET 发送的数据，或者换句话说，根本没有加密.

Without SSL, data sent through POST is equivalent to data sent through GET, or in other words, not encrypted at all.

这篇关于通过邮政安全发送密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！