发表新帖
发表新帖

Plain text password over HTTPS

后端 未结
关注
7 612
耶瑟儿~
耶瑟儿~ 2020-12-07 13:19

I\'m currently working on a PHP OpenID provider that will work over HTTPS (hence SSL encrypted).
Is it wrong for me to transmit the password as plain text? HTTP

7条回答
  • 北海茫月
    北海茫月 (楼主)
    2020-12-07 13:27

    You still need to make sure you send it via POST request, not GET. If you send it via GET request, it could be saved in plaintext in the user's browser history logs or the webserver's access logs.

    0 讨论(0)
 看不清?
提交回复
热议问题