发表新帖
发表新帖

Can one's post request data be sniffed?

前端 未结
关注
4 1690
独厮守ぢ
独厮守ぢ 2020-12-19 01:55

I apologize, I am new to this and assume that I will mix some terms up.

I am trying to setup Google clientLogin and I am worried about sending my private information

相关标签:
4条回答
  • 夕颜
    2020-12-19 02:28

    Generally speaking, everything over https is secure. Only standout exception I can think of (other than a compromised client/server) is making an SSL connection while using a shared (think internet cafe) network. While its rare, the nature of ssl connections makes it vulnerable to these types of attacks albeit, it doesn' make it 'script kiddie' easy-- just possible. [This is why many online banks will always do your mobile banking over 3/4g data and not wifi].

    An invalid certificate should make you suspicious, but is not a defacto "this connection is secure" badge. Certs only verify that the server you are contacting is run by the people identified on the cert and technically isn't required to establish a secure connection.

    0 讨论(0)
  • 抹茶落季
    2020-12-19 02:38

    It is an https connection. Meaning all data is encrypted.

    https is: HyperText Transfer Protocol Secure

    Just make sure the certificate is correct.

    The certificate makes sure that the other end of the line is who you think it is.

    For more info check out:

    http://en.wikipedia.org/wiki/HTTPS

    0 讨论(0)
  • 不思量自难忘°
    2020-12-19 02:48

    Yes, the post data is encrypted when you post over https. In fact, your entire request is encrypted.

    0 讨论(0)
  • 情深已故
    2020-12-19 02:53
    • HTTP requests go over the wire in plaintext - and thus can be sniffed easily.
    • HTTPS are HTTP requests made through the Secure Socket Layer (SSL), which provides data encryption between the client and the server, identifies the server, and (optionally) identifies the client.

    So, although it's possible to sniff the encrypted data, they can be considered secure while in transit - in other words, an attacker would not see the plaintext.

    There are various attacks on HTTPS, but the most common are easily detectable, e.g. if you get a certificate error on a HTTPS site that used to work normally, this may be a sign of an attempted attack. For additional reading, see the questions tagged SSL on security.stackexchange.com

    Long story short: POST over HTTPS is much more secure than over HTTP. (You still need to handle the data carefully on client- and server-side, HTTPS is a transport protection)

    See also: https://security.stackexchange.com/questions/5/does-an-established-ssl-connection-mean-a-line-is-really-secure

    0 讨论(0)
 看不清?
提交回复
热议问题