如何通过GET / POST发送安全密码？ [英] How to send securely passwords via GET/POST?

问题描述

我想在Java中发送HTTPS请求，并在GET或POST数据中发送密码。它安全吗？我可以在POST / GET字段中以纯文本形式输入密码，并且在使用https时可以保护密码？或者我应该做更多的事情？

解决方案

通常的做法是将身份验证用户名和密码作为Base64编码授权标头发送。

Base64编码不是加密。您仍然必须确保SSL / https。

Base64编解码器是确保路由器，交换机和其他网络中介机构的永久性和其他特性不将密码或任何二进制数据转换成网络云。

编解码器通过将二进制数据流感知为一系列单独的文本字符来工作。但字符不是8位，而是6位。使用的64个文本字符是通常的A-Z，a，z，0-9，+，/。使用A的值为0和/的值为63.

http认证头文件通常具有以下基本认证格式：

授权：基本base64编码的用户名密码

其中base64编码的用户名密码有布局用户名：密码传递给base64编码器是一个Java util类，btw）。

http ：//en.wikipedia.org/wiki/HTTP_header 。

http://en.wikipedia.org/wiki/Base_64 。

I want to send HTTPS request in Java and send password in GET or POST data. Is it secure? Can I just put password in POST/GET field as a plain text and that will be secured when I use https? Or should I do something more?

解决方案

The usual practice is to send your authentication username+password as the Base64 encoded Authorization header.

Base64 encoding is not encryption. You still have to ensure it goes thro SSL/https.

Base64 codec is a means to ensure that endianess and other idiosyncrasies of routers, switches, and other network intermediaries do not transform the password or any binary data to be transported thro the cloud of networks.

The codec works by perceiving a stream of binary data as being a train of individual text characters. But the characters are not 8-bit but 6-bit. The 64 text characters used are the usual A-Z,a,z,0-9,+,/. With A having the value 0 and / having the value 63.

The http authentication header usually has this basic authentication format:

Authorization: Basic base64-encoded-username-password

Where base64-encoded-username-password has the layout username:password passed thro the base64 encoder (which is a Java util class, btw).

http://en.wikipedia.org/wiki/HTTP_header.

http://en.wikipedia.org/wiki/Base_64.

这篇关于如何通过GET / POST发送安全密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！