Shulou(Shulou.com)06/02 Report--

The main content of this article is "how is the security of HTTPS URL parameters?" interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Next, let's let the editor take you to learn "how is the security of HTTPS URL parameters?"

Is it safe to pass parameters to HTTPS URL?

Can request parameters be securely passed through URL? Customers often ask this question when they see HTTPS requests in HttpWatch, and they also want to know who else can see the data.

For example, suppose we use the following URL to pass the password in the request query parameters.

Https://www.httpwatch.com/?password=mypassword

Because HttpWatch is integrated in the browser, you can see the data before SSL encryption.

Image

If you use a packet grabbing tool like Network Monitor, you will find that you can only see the encrypted data, not the requested URLs, Headers or Body at all.

Image

HTTPS is certainly safe as long as the following points are met.

Do not ignore any SSL certificate warnings

Secure the private key used to initialize the SSL connection

Therefore, from a network perspective, the URL parameter must be secure. However, there are other places where data on URL may be leaked:

Web server logs are stored. URLs:URL is generally stored in logs, which means that any sensitive data (such as passwords) is stored in clear text. Here is a line of logs:

2009-02-20 10:18:27 W3SVC4326 WWW 208.101.31.210 GET / Default.htm password=mypassword 443.

It is not a good thing to store passwords in plain text anywhere.

The history of the browser stores the URLs: here is the history of the IE browser, and you can see the URL parameter.

Image

URLs can be passed through the HTTP Referrer header: when resources such as js, images, and so on are used in the page, the Referrer attribute of the request header is passed together. Sometimes, query parameters on URL may be passed to a third-party site and stored. In the HttpWatch, you can see that in the Google Analytics request, the URL passed through the Referer header has a password.

Image

Summary: it is certainly no problem for HTTPS to pass query parameters, but do not use it to pass sensitive information that may cause security problems.

At this point, I believe you have a deeper understanding of "how is the security of HTTPS URL parameters?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.