如何保证通过cURL发送帖子数据？ [英] How to secure sending Post data through cURL?

问题描述

我使用客户端URL发送POST数据。链接到来源： http://hayageek.com/php-curl-post -get /＃curl-post 。代码如下：

I'm using Client URL to send POST data. Link to the source: http://hayageek.com/php-curl-post-get/#curl-post. The code is as following:

<?php
function httpPost($url,$params){
  $postData = '';
   //create name value pairs seperated by &
   foreach($params as $k => $v){
      $postData .= $k . '='.$v.'&';
   }
rtrim($postData, '&');
$ch = curl_init(); 

curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_POST, count($postData));
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);   

$output=curl_exec($ch);

curl_close($ch);
return $output;

}

$params = array(
   "name" => "Ravishanker Kusuma",
   "age" => "32",
   "location" => "India"
);

echo httpPost("http://www.jmediatechnology.eu/script.php",$params);
?>

我想知道这种方法是否可以防止劫持或任何其他安全问题。

I want to know wether this method is safe from hijacking or any other security issues.

推荐答案

您正在发送一个简单的HTTP请求。如果任何人在网络上处于适当的位置以拦截请求，则他对他来说都是清楚可见的。您必须：

You are sending a plain HTTP request. If anybody is in an appropriate position on the network to intercept the request, it's all plainly visible to him. You have to either:

1. 使用HTTPS。


2. 将您自己的加密方案作为

我希望很明显你真的很喜欢希望选项1.说了，使用HTTPS不是绝对的保证，你是安全（无论什么定义安全，你想应用）。如果使用正确，HTTPS有效地保护传输中的数据免受第三方窥探。但这并不意味着你的系统的其余部分是安全的，你在其他地方没有任何明显的安全漏洞。

I hope it's pretty obvious that you really want option 1. Having said that, using HTTPS is not an absolute guarantee that you're "safe" (for whatever definition of "safe" you want to apply). If used correctly, HTTPS effectively protects data in transit from snooping 3rd parties. But that doesn't mean the whole rest of your system is safe and that you don't have any glaring security holes elsewhere.

这篇关于如何保证通过cURL发送帖子数据？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！