问题
I have a login JSP which takes username / password from the user in text boxes and on submit it forwards the username/password parameters to Login Servlet using POST method.
Now I am using Paros Proxy in between (as Man-In-The-Middle attack) to trap the parameters. The parameters received from JSP are captured in Paros as plain text.
Is there any specific method provided by Java standard API which we can use to encrypt these parameters such a way that:
Even if the parameters are captured by Paros Proxy, it may not be able to display in plain text.
Servlet do not have to decrypt it.
How can I achieve this?
回答1:
Use SSL to protect your data from being sniffable. If you require that no decoding (probably meaning decrypting) is to be performed on the server side, I cannot think of any other way.
来源:https://stackoverflow.com/questions/12277511/encrypt-http-post-parameters-from-jsp-to-servlet