Encrypting Parameters in URLs

寵の児 提交于 2019-12-23 02:53:22

问题


I have a URL that looks like this:

http://localhost:8001/jasperserver&reportUnit=somereport&username=cghan&password=somepasswrd

As you can see, the password is in clear site, along with some other parameters.

What's the best way to secure this?


回答1:


Set the method of the FORM (in HTML) to POST. That way attributes won't be shown in the URL (they can be retrieved exactly the same way).

Anyway, for anyone with a sniffer, it will make little difference. If it is really important, force the server to use only HTTPS.




回答2:


Use SSL encryption, i.e. HTTPS. This makes it encrypted for everyone on the internet but it is still readable on the address bar.

It is not recommended to send password parameters through URL, e.g. HTTP POST. You should send password as HTTP POST.



来源:https://stackoverflow.com/questions/5533162/encrypting-parameters-in-urls

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!