开发者

which web path is secure https to http or the opposite?

开发者 https://www.devze.com 2023-03-12 13:22 出处:网络
Web A is https while Web B is http only Which path is secure? Reque开发者_JAVA技巧st from Web A to B or Web B to A?

Web A is https while Web B is http only

Which path is secure?

Reque开发者_JAVA技巧st from Web A to B or Web B to A?

I've been thinking which one should have a signature scheme and which is to be confident in TLS.


  • Request from A to B is not secure.
  • Request from B to A is secure.

In fact every WEB request made to https://... is secure.

This being said even a request from B to A might not be 100% secure. Because B was served over HTTP and it was not secure it means that the client has no way of ensuring that the contents comes from B. A Man-In-The-Middle could have replaced it with some other contents and thus in reality the final request might not be towards A but towards C (where C is evil).


to verify the authenticity of the request made, a signature is used if the channel is across non ssl pages

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号