doumi1311 2014-10-07 12:40

Sending a password using UrlEncodedFormEntity

I was trying to send username and password over POST method in my Android app. As I understand from the standard examples, we declare a UrlEncodedFormEntity object followed by a httpPost.setEntity(urlEncodedFormEntity).

My question is that is it considered "safe" to send passwords via this method (assuming that there is an encryption available)?

This is as I have also read posts saying that one should not send passwords via the GET method, as it may be encoded into the URL string. If so, does the UrlEncodedFormEntity do the same thing? (By the wording URL encoded).

My networking knowledge is rather fuzzy and thanks all for the help.

2 answers

  • dongzhuang6417 2014-10-07 19:55

    My question is that is it considered "safe" to send passwords via this method (assuming that there is an encryption available)?

    Yes, if your URL is HTTPS and you do not connect if an untrusted certificate is presented.

    This is as I have also read posts saying that one should not send passwords via the GET method, as it may be encoded into the URL string. If so, does the UrlEncodedFormEntity do the same thing?

    No, the POST method sends the data in the message body unlike GET in which the data is transmitted in the URL. Even though both GET and POST data are encrypted if the URL is HTTPS, GET data in the query string is logged by default on load balancers, servers, corporate proxies, etc., so for this reason it is safer to use POST.

    This answer was selected as the best answer by the asker.
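To make the GET versus POST distinction from the answer above concrete, here is an added example (not part of the original answer and not library code) that builds the same login fields both ways and checks whether the password lands in the request line that servers, load balancers and proxies log. The host `login.example`, the path `/login` and the credentials are constructed sample values; the requests are only built as strings and nothing is sent.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class FormPostVsGet {
    // Encode fields as application/x-www-form-urlencoded, the content type
    // UrlEncodedFormEntity uses for the request body.
    static String formEncode(Map<String, String> fields) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
              .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return sb.toString();
    }

    // GET: the encoded fields become the query string of the request line.
    static String buildGet(String host, String path, String form) {
        return "GET " + path + "?" + form + " HTTP/1.1\r\nHost: " + host + "\r\n\r\n";
    }

    // POST: the same encoded fields travel in the body, after the headers.
    static String buildPost(String host, String path, String form) throws UnsupportedEncodingException {
        return "POST " + path + " HTTP/1.1\r\nHost: " + host + "\r\n"
             + "Content-Type: application/x-www-form-urlencoded\r\n"
             + "Content-Length: " + form.getBytes("UTF-8").length + "\r\n\r\n" + form;
    }

    // Access logs typically record the request line (first line), not the body.
    static String requestLine(String rawRequest) {
        return rawRequest.substring(0, rawRequest.indexOf("\r\n"));
    }

    public static void main(String[] args) throws UnsupportedEncodingException {
        Map<String, String> fields = new LinkedHashMap<String, String>();
        fields.put("username", "alice");        // constructed sample value
        fields.put("password", "p@ss w0rd&1");  // constructed sample value
        String form = formEncode(fields);
        String encodedPassword = URLEncoder.encode("p@ss w0rd&1", "UTF-8");

        for (String raw : new String[] { buildGet("login.example", "/login", form),
                                         buildPost("login.example", "/login", form) }) {
            String line = requestLine(raw);
            System.out.println(line + "  -> password in request line: "
                    + line.contains(encodedPassword));
        }
    }
}
```

The "URL encoded" in the class name refers only to this percent-encoding of the field values; in the POST case the encoded string is placed in the body, not in the URL.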