HTTP基本身份验证凭据在URL和加密中传递 [英] HTTP Basic Authentication credentials passed in URL and encryption

问题描述

我对HTTPS和HTTP身份验证凭据有疑问。

I have a question about HTTPS and HTTP Authentication credentials.

假设我使用HTTP身份验证保护网址：

Suppose I secure a URL with HTTP Authentication:

<Directory /var/www/webcallback>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/passwd/passwords
Require user gooduser
</Directory>

然后，我通过HTTPS从远程系统访问该URL，并在URL中传递凭据：

I then access that URL from a remote system via HTTPS, passing the credentials in the URL:

https://gooduser:secretpassword@www.example.com/webcallback?foo=bar

用户名和密码是否会自动进行SSL加密？ GET和POST也是如此吗？我很难找到这个信息的可靠来源。

Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs? I'm having a hard time locating a credible source with this information.

推荐答案

请问用户名和密码自动进行SSL加密？对于GET和POST也是如此

Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs

是，是是。

当SSL正在使用时，整个通信（如果主机名的IP尚未缓存，则保存为DNS查找）。

The entire communication (save for the DNS lookup if the IP for the hostname isn't already cached) is encrypted when SSL is in use.

这篇关于HTTP基本身份验证凭据在URL和加密中传递的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！