just now on a whim, F12 opened the browser console when logging in to codeshelper and found that the password was transmitted in plaintext and felt incomprehensible.
just now on a whim, F12 opened the browser console when logging in to codeshelper and found that the password was transmitted in plaintext and felt incomprehensible.
your client and server establish a trusted link. After establishing a TCP link, the client and server initialize the SSL layer, communicate the encryption parameters, and exchange keys . After that, both sides can pass through. Therefore, the client and server of both sides of the https request know the key, so they can encrypt and decrypt the content, but in the process of transmission, the third party does not know the key, so it cannot be decrypted even if it is intercepted.
however, if you have ever used fiddler or charles to debug and replace online code, you will learn about a man-in-the-middle attack , which can be disguised as a client-server communication to steal the content of the communication (specifically, there are a lot of graphic articles under the search). For example, if you use an unsafe Wi-Fi or something, there will be this risk. Therefore, passwords and the like, especially those designed for money, should be encrypted separately.
Yes, because you sent it yourself, you saw the plaintext, others sent it, and you caught the ciphertext
.Previous: Can vue-router implement pushstate mode for query to transfer parameters?
Next: What happens when a http request is made to a https server?
devServer: { clientLogLevel: warning , https: true, } Page prompt is not safe after startup: Click to continue to the unsafe page to open the page. Why, and how to make this https service secure? ...
after the IPV6 channel applied for by tunnelbroker.net is configured on the server, the Apache configuration file is updated accordingly to see that port 443 rel= 80 is also monitored by Apache, and the IPv6 web server,http is tested to be normal throug...
OkHttp (retrofit 2.3.0) configure Https error (self-signed certificate) italic text : API 19: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb8876650: Failure in SSL library, usually a protocol ...
correct configuration of charles mobile phone installation of https certificate ssl agent correct configuration some https agents are normal, but some request agent requests are abnormal as shown in figure ssl proxying settings : excuse me, what may...
< H1 > problem description < H1 > is currently developing a Django project. If you want to use gunicorn as a http server, and then use nginx as a reverse proxy, you will eventually need to use https. my question is: can I run a statement like gun...
under the https protocol, the post request is cross-domain, the get request is not cross-domain, and the http protocol is fine. related codes ...
use openssl to automatically generate keys locally, and access tests show insecure connections. How to solve this problem? configuration file is as follows: server { listen 443; server_name localhost; **ssl on; ...
there is a site that has just successfully installed a free certificate for Let s Encrypt, and nginx has configured access to https. can now be accessed through both https and http. Some pages can be accessed both ways, but some pages can be accessed...
< H2 > problem description: < H2 > 1. Why can some https be caught and some https not? 2. How to prevent https from grabbing the bag? < H2 > Picture description: < H2 > ...
deploy web application, nginx is configured to http jump to https. the code of the application layer is not processed (default is http), but mixed content. appears on the visiting page referring to the picture, http--> https is valid (at least par...
the vue-cli project has been deployed to the formal environment. There is no address of 192.168.0.200 in the project. Access-Control-Allow-Origin has also been set up * , but this problem still occurs ....
after painstaking configuration, https, has been able to visit successfully. ,404 and using http to access, the interface can get the data? Why is that? Please give me some advice! ...
http page failed to send https request with ajax. Is there a good solution? ...
< H2 > I want to check the expiration time of the ca certificate in code. The following is my code, which can display the date, but it is not consistent with the actual due date < H2 >. I hope you Daniel can help me to see what the problem is. Than...
specific questions found that some people can not open my website https: miaoqiang.name, or open super slowly, or display the text on the page, the css style does not load that. the server is the server of Aliyun Hong Kong, and the certificate i...
use axios to send https requests. Certificate is a self-issued (Self Sign) error is reported by default: you need to manually open the browser and enter https: ., click Advanced, and then manually confirm "still connect ", that is, the certif...
server { listen 443; server_name www.yozann.com; ssl on; ssl_certificate usr local nginx conf 1_www.yozann.com_bundle.crt; ssl_certificate_key usr local nginx conf 2_www.yozann.com.key; ...
the following is the nginx configuration, and the restart did not report an error, but the 443 interface did not start. Want to know why? -sharpuser nobody; worker_processes 1; -sharperror_log logs error.log; -sharperror_log logs error.log notic...
WeChat Mini Programs, the backend changed the interface for uploading pictures. Said to use PUT to upload files. Check Mini Program s document, which says that the API uploads local resources to the developer server and the client initiates a HTTPS POST...
on the Internet, many methods of judging https are stereotyped. mainly judges reference links from $_ SERVER to https: blog.csdn.net river13.https: codeshelper.com q 10.. but now nginx has done reverse proxy $_ SERVER without the following p...