du42561 2016-10-11 12:23
浏览 55
已采纳

防止Asp.net应用程序在HTTP标头中显示密码

As the title goes I'm stuck with a problem. As whenever I login to my portfolio website and test it's http header through firebug NET option I find out that I can see my password in POST request. As I don't know how severe this venerability or not. but I'm quite confused regarding

  1. Why HTTP header shows POST fields
  2. Is it ok to go with it as i find out that Facebook hadn't done any work for this
  3. How to stop showing password post field in ASP.NET C# and PHP as i work on both domains
  4. As what i guess HTTP Header works on client side(Browsers) but What works on server side. (Pardon me for my idiocy but I'm quite curious )

Below is screenshot of my problem.

enter image description here

  • 写回答

1条回答 默认 最新

  • dsyk33753 2016-10-11 12:33
    关注

    The form post contains the password in the clear, but if a lower layer is encrypted, this doesn't matter. This is why login should always be conducted over a secure HTTPS connection.

    If you're allowing logins over insecure (HTTP) connections, your worries are justified. Get yourself a certificate and require HTTPS.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程