登錄密碼隱藏 about youlai-mall HOT 7 CLOSED

我還有一個問題，代碼中client_id和client_secret放在header的authorization裏面，具體在代碼哪個地方實現這個功能呢

前端在header里加上就行，用拦截器或者你手动每个请求加什么的都是随你的

可以参考下mdn里的说明：https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Authentication

from youlai-mall.

@GuoHM 使用https传输URL上的参数都是加密的，其实担心所谓的安全就是在传输过程中用户名和密码信息被窃取

from youlai-mall.

@GuoHM 使用https传输URL上的参数都是加密的，其实担心所谓的安全就是在传输过程中用户名和密码信息被窃取

也就是說在https環境下是可以在request param直接傳輸密碼明文的嗎

from youlai-mall.

@GuoHM 嗯 从数据传输过程中被窃取的角度考虑安全问题使用https是无需担心的

from youlai-mall.

@GuoHM 嗯 从数据传输过程中被窃取的角度考虑安全问题使用https是无需担心的
好的謝謝

我還有一個問題，代碼中client_id和client_secret放在header的authorization裏面，具體在代碼哪個地方實現這個功能呢

from youlai-mall.

什么时候https能加密url了？

What information does HTTPS protect?

HTTPS encrypts nearly all information sent between a client and a web service.

For example, an unencrypted HTTP request reveals not just the body of the request, but the full URL, query string, and various HTTP headers about the client and request:

An encrypted HTTPS request protects most things:

This is the same for all HTTP methods (GET, POST, PUT, etc.). The URL path and query string parameters are encrypted, as are POST bodies.

refer: https://https.cio.gov/faq/

from youlai-mall.

什么时候https能加密url了？

What information does HTTPS protect?

HTTPS encrypts nearly all information sent between a client and a web service.
For example, an unencrypted HTTP request reveals not just the body of the request, but the full URL, query string, and various HTTP headers about the client and request:

An encrypted HTTPS request protects most things:

This is the same for all HTTP methods (GET, POST, PUT, etc.). The URL path and query string parameters are encrypted, as are POST bodies.

refer: https://https.cio.gov/faq/

看来我一直理解错误

from youlai-mall.