通过https从http表单提交是否可以接受?它似乎应该是安全的,但它允许一个人在中间攻击(这是一个很好的讨论)。 mint 等网站允许您从http网页登录,但会执行https发布。在我的网站中,请求是具有http登录页面,但能够安全登录。是否值得冒可能的安全风险,我应该让所有用户进入安全页面登录(或使登陆页面安全)?
Is it acceptable to submit from an http form through https? It seems like it should be secure, but it allows for a man in the middle attack (here is a good discussion). There are sites like mint that allow you to sign-in from an http page but does an https post. In my site, the request is to have an http landing page but be able to login securely. Is it not worth the possible security risk and should I just make all users go to a secure page to login (or make the landing page secure)?
推荐答案是否有任何理由在整个交易中使用HTTPS?如果你找不到一个好的,请使用它!
Is there any reason not to use HTTPS for the entire transaction? If you can't find a very good one, use it!
-
它可以说比切换协议简单。
It's arguably simpler than switching protocols.
MITM风险是真实的。
The MITM risk is real.
点击链接后,Helios用户表现出色指出使用100%HTTPS对用户的影响要小得多。
Following your link, the user "Helios" makes an excellent point that using 100% HTTPS is far less confusing to the user.
更多推荐
从HTTP表单提交到HTTPS是否安全?
发布评论