开发者

How does web browsers transfer Passwords to origin servers?

My question is simple regarding password security..

As a web application developer using PHP for example, I may design a html form that accepts a username and password and post them to the webserver using the POST method..

My question is:

1- When a user enters a password for this form on a web browser, does this web 开发者_运维问答browser send the password over the network as plaintext and thus insecurely?

2-isn't it possible that the web browser saves all passwords and sends them to the third party that design the web browser?

Thank you in advance


  1. Yes, unless you're using https, which encrypts everything sent between the server and the client.
  2. Sure, but you could use a network sniffer to verify that the browser sends no information to third party servers.


  1. It's sent unencrypted (though possibly obfuscated) if you're using HTTP, or encrypted if you're using HTTPS.

  2. Any mainstream web browser won't do that, no. It would be discovered within seconds of the browser being released. However, it's possible for such a leak to occur by other means, for example:

    o A rogue browser plugin

    o A rogue proxy on the user's network (if you're using HTTP)

    o A keylogger on the user's machine

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜