POST data encryption - Is HTTPS enough?

Posted 2019-05-02 01:30

Consider a scenario where user authentication (username and password) is entered by the user in the page's form element, which is then submitted. The POST data is sent via HTTPS to a new page (where the PHP code will check for the credentials). Now if a hacker sits in the network, and say has access to all the traffic, is the Application layer security (HTTPS) enough in this case? I mean, would there be adequate URL encryption or is there a need to have Transport Layer security?

4 answers
虎瘦雄心在
#2 · 2019-05-02 01:30

HTTPS is sufficient "if" the client is secure. Otherwise someone can install a custom certificate and play man-in-the-middle.

As a web developer not much can be done other than disallowing HTTP requests. This can be done via mod_rewrite in Apache.

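One way to disallow plain HTTP with mod_rewrite, as the answer above suggests (an added example, not part of the original answer). The hostname `www.example.com` and the certificate paths are placeholders, and the HSTS header goes slightly beyond what the answer mentions.

```apache
# Added example: www.example.com and the /etc/ssl/... paths are placeholders.
<VirtualHost *:80>
    ServerName www.example.com

    RewriteEngine On
    # Refuse anything but GET/HEAD over cleartext instead of redirecting it,
    # so a form that posts to http:// fails visibly during testing.
    # (The body has already crossed the network by then; this only makes
    # the mistake obvious, it does not protect that one request.)
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD)$
    RewriteRule ^ - [F]

    # Redirect everything else to HTTPS. The target host is fixed rather than
    # copied from %{HTTP_HOST}, so a forged Host header cannot steer the redirect.
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key

    # HSTS (requires mod_headers): a browser that has seen this header
    # connects over HTTPS directly and never issues the cleartext request.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

The login form's `action` should point at an `https://` URL (or a relative URL on an HTTPS page), since the redirect only helps requests that have not yet carried credentials.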
老娘就宠你
#3 · 2019-05-02 01:38

Yes. In HTTPS only the handshake is done unencrypted, but even the HTTP GET/POST queries are done encrypted.

It is, however, impossible to hide which server you are connecting to: since he can see your packets, he can see the IP address where your packets go. If you want to hide this too, you can use a proxy (though the hacker would know that you are sending to a proxy, but not where your packets go afterwards).

祖国的老花朵
#4 · 2019-05-02 01:43

Yes, everything (including the URL) is going through the encrypted channel. The only thing that the villain would find out is the IP address of the server you are connecting to, and that you are using HTTPS.

Well, if he was monitoring your DNS requests as well, he might also know the domain name of the IP address. But just that; the path, query parameters, and everything else is encrypted.

家丑人穷心不美
#5 · 2019-05-02 01:46

It is adequate, because if he has access to all your traffic, it doesn't matter what encryption protocol you use; he can use man-in-the-middle for both encryption protocols.
