play-framework [2.0] HTTPS [英] play-framework [2.0] HTTPS
问题描述
我正在使用play framework 2.0在web服务器上工作,其中登录由我们正在制作的Android设备软件执行。主要关注的是我们在play 2.0中找不到任何对HTTPS的支持。感觉这是一个学校项目,我们不能用云或其他代理来解决我们的HTTPS。
i'me working on a web server using play framework 2.0, where the login is executed by a android device software we're also making. And are main concern is that we can't find any support for HTTPS in play 2.0. Sense this is a school project we can't aford clouds nor other proxy to solve the HTTPS for us.
我们的主要问题是请求正文中的密码和电子邮件,移动设备和服务器上的加密和解密看起来代价高昂照顾这个,我们想避免它。我们有什么方法可以使用HTTPS来保护用户登录数据或任何其他建议。
Our main problem is the password and email going in plain sight in the request's body, encrypting and decrypting in the mobile device and on the server looks costly in performance and sense HTTPS takes care of this we wanted to avoid it. Is there any way we can use HTTPS to protect the users login data, or any other suggestion.
如果不是,我们可能不得不将所有应用程序迁移到另一个框架,因为它不会看起来很好的重要机密数据通过互联网而不加密。
If not we might have to migrate all are application to another framework, because it wont look good important confidential data going through the internet without encryption.
推荐答案
从历史上看,我见过大多数人在某种反向代理后面运行Java / Scala应用服务器。在apache中设置HTTPS并不太难,然后只需使用ModProxy将请求内部发送到您的Play应用程序。
Historically, I've seen most folks run the Java/Scala application server behind a reverse proxy of some kind. Setting up HTTPS in apache isn't too hard, and then just use ModProxy to send requests internally to your Play application.
任何一个反向代理系统都可能会这样做这个,nginx也很受欢迎,并且通常比apache更容易配置,但我从未在HTTPS中使用它。
Any one of the reverse proxy systems can likely do this, nginx is popular too, and generally has easier configuration than apache, but I've never used it with HTTPS.
通常这样做的首要原因是安全性。您无法在端口80上以非特权用户身份启动Java程序。如果您在端口80上以root身份启动Java程序,则应用程序中的任何漏洞都具有root权限!因此,在另一个端口上启动Java应用程序,然后从可以作为端口80上的非主用用户运行的Web服务器反向代理。
The number one reason normally to do this is security. You can't start a Java program as a non privileged user on port 80. If you start your Java program as root running on port 80, then any hole in your application has root privileges! As a result, starting the Java app on another port, then reverse proxy from an web server that can run as a non-priveleged user on port 80.
(*)这有点过于简单,但对这种古怪的讨论超出了我的想法范围。
(*) This is a slightly over-simplified, but a discussion of this weirdness is beyond the scope of this I think.
这篇关于play-framework [2.0] HTTPS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
