密码通过邮件发送安全吗？ [英] password sent via post secure?

问题描述

可能存在重复：

HTTP POST有多安全？

假设我有一个在PHP登录页面，用户需要输入他的名字和密码。 form method 在这种情况下发布。

现在有人（我的朋友）告诉我，输入并发送到服务器的密码可以通过获取生成的结果页面的标题来破解。所以你应该加密头文件，这就是为什么使用HTTPS的原因。

这对我没有意义，因为我认为信息（用户名和密码）通过 post 方法是完全安全的，只需通过标头黑客就可以访问用户名和密码。

是我的朋友正确吗？如果没有任何方法可以为那些无法访问代码的人做这些事情？
如何通过HTTPS发送我的私人信息（页面用php编码）？

编辑：

通过 get 方法的数据通过标题发送。对？数据是否通过标题发送 post >？

解决方案

没有SSL，通过 POST 发送的数据相当于发送的数据通过 GET ，换句话说，根本不加密。

Possible Duplicate:
How secure is a HTTP POST?

Suppose I have a login page in php where a user is required to enter his name and password. form method is post in this case.

Now someone(my friend) told me that the information(username and password) that is entered and sent to the server can be hacked just by fetching the header of the resulting page generated. So you should encrypt the header and that is why HTTPS is used.

This didn't make sense to me because I thought the information (username and password) sent via post method are completely secure and just by header hacking one cannot have access to to the username and password.

Is my friend correct? If no is there any way to do such stuff for someone who has no access to the code? How can I send my private information via HTTPS (page to be coded in php)?

EDIT:

Data through get method is sent via header. Right? Is data through post also sent via header?

解决方案

Without SSL, data sent through POST is equivalent to data sent through GET, or in other words, not encrypted at all.

这篇关于密码通过邮件发送安全吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！