HTTPS作为表单的动作是否足够？ [英] Is HTTPS as the form's action enough?

问题描述

或者，承载表单的页面必须是（HTML）表单的动作是否足以让表单数据被SSL加密提交？ HTTPS以及？

解决方案

如果表单托管的页面不通过HTTPS提供，那么可以截取并修改它在路上。正常提交表单之前，这些修改可能包括更改表单操作或添加JavaScript以将数据发送给第三方。

提交表单通过HTTPS 不足足以保护数据。表单也需要这样交付。

Is HTTPS as the (HTML) form's action enough for the form data to be SSL encrypted for submission?

Or does the page that hosts the form have to be HTTPS as well?

解决方案

If the page the form is hosted on is not served over HTTPS, then it can be intercepted and modified en route. These modifications can include such things as changing the action of the form, or adding JavaScript to send the data to a third party before submitting the form as normal.

Submitting the form over HTTPS is not sufficient to protect the data. The form needs to be delivered that way too.

这篇关于HTTPS作为表单的动作是否足够？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！