Problem description
Consider a scenario where user authentication (username and password) is entered by the user in the page's form element, which is then submitted. The POST data is sent via HTTPS to a new page (where the PHP code will check for the credentials). Now if a hacker sits in the network, and, say, has access to all the traffic, is the Application layer security (HTTPS) enough in this case? I mean, would there be adequate URL encryption or is there a need to have Transport Layer security?
Recommended answer
Yes, everything (including the URL) is going through the encrypted channel. The only thing that the villain would find out is the IP address of the server you are connecting to, and that you are using HTTPS.
Well, if he was monitoring your DNS requests as well, he might also know the domain name of the IP address. But just that: the path, query parameters, and everything else are encrypted.