我使用PHP来请求一些使用没有安装SSL的外部SOAP API服务的东西。 在使用SSL进行安全保护的开发服务器上进行测试时,一切正常。
我的问题是:如果我在网站上安装了SSL证书,我正在运行php SOAP请求,我的https站点是否会接受来自http web服务的响应,还是会将其标记为不安全?
I'm using PHP to request some stuff using an external SOAP api service that does NOT have an SSL installed. During testing on a development server which is also not secured with an SSL, everything is fine.
My question is: if I install an SSL certificate on the site I am running the php SOAP requests, would my https site accept the response back from the http web service or would it flag it as insecure?
最满意答案
简短的回答:是的,你可以。
您正在创建一个门面模式,您的服务在其自己的门面下隐藏另一个服务电话。
它安全吗? 那么这取决于您从其他网站请求的信息。 如果您的Web服务请求天气数据,那么使用HTTP时没有问题,如果它是敏感的私人信息,那么HTTPS是必须的。 HTTP和HTTPS在本质上是完全相同的,除了HTTPS是使用PKI证书加密的正常HTTP流量之外。
如果你的代码没有检查安全性,我不认为这会引发异常。 从技术的观点来看,你所做的并不是特例,但根据所交换的信息,它可能是一种不同的情况。
Short answer: Yes you can.
You are creating a facade pattern where your service hide another service call under its own facade.
Is it secure? Well it depends on the information you are requesting from the other site. If your web service requested weather data then there is no problem using HTTP if it was sensitive private information then HTTPS is a must. HTTP and HTTPS are identical in nature nothing special between them except that HTTPS is normal HTTP traffic encrypted using PKI certificates.
If your code does not check for security I dont think this is going to raise an exception at all. What you are doing is not exceptional from a technology view point but it could be a different situation depending on the information exchanged.
更多推荐
发布评论