问题
I've been reading through a number of questions on this site regarding NSURLConnection and https, but most relate to "untrusted" certificates and how to allow them nonetheless. My question is a little more basic. I am building an app for a client who handle online donations, and I would like to load their donation script using an NSLURLRequest and POST the values of credit card details (entered in the app). Does NSURLConnection (when connecting to a https url) ensure the encryption of those details as they are sent to the donation script on my clients server? Sorry if this is a basic question, I just couldn't find a place in the apple docs that guaranteed this.
回答1:
Requiring trusted certificates prevents impersonation and man-in-the-middle attacks. The encryption will be as secure as the server requires.
回答2:
Yes, if you are using HTTPS authentication all communication to the server is encrypted.
Try to be sure the server side is not storing the credit card information ANYWHERE, even temp directories. It is far, far more likely the server will be hacked and credit cards taken that way than anyone would intercept iPhone traffic.
来源:https://stackoverflow.com/questions/2940849/how-secure-is-nsurlconnection-over-https