Comments (7)
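I have one more question: in the code, client_id and client_secret are placed in the Authorization header. Where exactly in the code is this implemented?
The front end just needs to add it to the header. Whether you use an interceptor or add it manually to each request is up to you.
You can refer to the explanation on MDN: https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Authentication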
from youlai-mall.
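An added example, not part of the original thread or of the youlai-mall code, showing the approach the reply above describes: client_id and client_secret encoded as an HTTP Basic `Authorization` header and attached by a request interceptor. The function names, the `/oauth/token` path and the sample credentials are assumptions made for illustration.

```javascript
// Added example; names, token path and credentials are hypothetical.

// Encode client_id:client_secret as an HTTP Basic credential (RFC 7617).
function buildBasicAuth(clientId, clientSecret) {
  if (clientId.includes(":")) {
    // The first ':' separates id from secret, so the id cannot contain one.
    throw new Error("client_id must not contain ':'");
  }
  // Encode as UTF-8 first so non-ASCII secrets survive btoa().
  const bytes = new TextEncoder().encode(`${clientId}:${clientSecret}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

// What the receiving side does with the header: recover the pair, or null.
function parseBasicAuth(headerValue) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue || "");
  if (!m) return null;
  const bytes = Uint8Array.from(atob(m[1]), (c) => c.charCodeAt(0));
  const text = new TextDecoder().decode(bytes);
  const idx = text.indexOf(":");
  if (idx < 0) return null;
  return { clientId: text.slice(0, idx), clientSecret: text.slice(idx + 1) };
}

// Request interceptor (config in, config out). It adds the header only to
// the token endpoint so the client credential is not sent on every call.
// Note: a secret shipped in front-end code is readable by anyone who
// loads the page, so it identifies the client rather than proving it.
function clientAuthInterceptor(clientId, clientSecret, tokenPath) {
  const header = buildBasicAuth(clientId, clientSecret);
  return (config) => {
    // Base URL is only used to parse relative request URLs.
    const url = new URL(config.url, "https://example.invalid");
    if (url.pathname !== tokenPath) return config;
    return { ...config, headers: { ...config.headers, Authorization: header } };
  };
}
```

A function of this shape can be registered with an HTTP client's request-interceptor hook or called by hand before each request.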
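@GuoHM With HTTPS, the parameters in the URL are all encrypted in transit; the security worry here is really just that the username and password could be stolen during transmission.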
from youlai-mall.
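@GuoHM With HTTPS, the parameters in the URL are all encrypted in transit; the security worry here is really just that the username and password could be stolen during transmission.
So does that mean that in an HTTPS environment the plaintext password can be sent directly as a request param?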
from youlai-mall.
@GuoHM Yes. From the standpoint of data being stolen in transit, there is no need to worry when using HTTPS.
from youlai-mall.
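@GuoHM Yes. From the standpoint of data being stolen in transit, there is no need to worry when using HTTPS.
OK, thank you.
I have one more question: in the code, client_id and client_secret are placed in the Authorization header. Where exactly in the code is this implemented?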
from youlai-mall.
Since when can HTTPS encrypt the URL?
What information does HTTPS protect?
HTTPS encrypts nearly all information sent between a client and a web service.
For example, an unencrypted HTTP request reveals not just the body of the request, but the full URL, query string, and various HTTP headers about the client and request:
An encrypted HTTPS request protects most things:
This is the same for all HTTP methods (GET, POST, PUT, etc.). The URL path and query string parameters are encrypted, as are POST bodies.
refer: https://https.cio.gov/faq/
from youlai-mall.
Since when can HTTPS encrypt the URL?
What information does HTTPS protect?
HTTPS encrypts nearly all information sent between a client and a web service.
For example, an unencrypted HTTP request reveals not just the body of the request, but the full URL, query string, and various HTTP headers about the client and request:
An encrypted HTTPS request protects most things:
This is the same for all HTTP methods (GET, POST, PUT, etc.). The URL path and query string parameters are encrypted, as are POST bodies.
refer: https://https.cio.gov/faq/
It seems I had been misunderstanding this all along.
from youlai-mall.