简单的 HTTPS 到 PHP 脚本
这是我的场景:
我有一个使用 php、mySQL 的网站。我有一个软件应用程序,它有一个登录屏幕,并通过 http: 通过网络发送用户名和密码:
public String GetWebPageSource(String pURL)
{
try
{
byte[] vReceivedBytes = null;
using (System.Net.WebClient vWebClient = new System.Net.WebClient())
{
vReceivedBytes = vWebClient.DownloadData(pURL);
}
int vBomLen = 3;
byte[] vStrippedBytes = new byte[vReceivedBytes.Length - vBomLen];
Array.Copy(vReceivedBytes, vBomLen, vStrippedBytes, 0, vReceivedBytes.Length - vBomLen);
return System.Text.Encoding.UTF8.GetString(vStrippedBytes);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return null;
}
}
因此,要发送用户名和密码,我会写:
GetWebPageSource("http://mywebsite.com/Login.php?username=stackoverflow& ;password=iscool")
并且 php 文件会输出一些文本,说明密码是被接受还是被拒绝。
然而这并不安全。所以我想让它安全...... https。集成 https 有多容易?代码会改变多少?我需要处理多少?什么对我来说是透明的。我是否必须检查 cookie 是否已存在,如果没有,请编写身份验证方法,或者是否已提供可以为我执行此操作的库?
here is my scenario:
I have a website with php, mySQL. I have a software application that has a login screen and sends usernames and passwords over the web by http:
public String GetWebPageSource(String pURL)
{
try
{
byte[] vReceivedBytes = null;
using (System.Net.WebClient vWebClient = new System.Net.WebClient())
{
vReceivedBytes = vWebClient.DownloadData(pURL);
}
int vBomLen = 3;
byte[] vStrippedBytes = new byte[vReceivedBytes.Length - vBomLen];
Array.Copy(vReceivedBytes, vBomLen, vStrippedBytes, 0, vReceivedBytes.Length - vBomLen);
return System.Text.Encoding.UTF8.GetString(vStrippedBytes);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
return null;
}
}
So to send a username and password I would write:
GetWebPageSource("http://mywebsite.com/Login.php?username=stackoverflow&password=iscool")
and the php file would spit out some text saying whether the password is accepted or denied.
However this is NOT secure. So I want to make it secure... https. How easy is it to integrate https? How much will the code change? How much do I have to handle? What is transparent to me. Do I have to check if a cookie already exists and if not write the methods for authentication or is there librarys already provided that will do it for me?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
从编程的角度来看,使用 http 或 https 调用 php 脚本没有任何区别。只需配置 apache(或任何其他 Web 服务器)来处理 https(尤其是获取证书)即可。
For programming point of view, calling an php script using http or https doesn't make any difference. It's just a matter of configuring apache (or any other web server) to handle https (most notably obtaining a certificate).
简而言之,您需要将 Web 服务器配置为使用 TLS/SSL。您的网站使用哪种服务器端语言并不重要。
一般来说,服务器端脚本将在成功验证时设置 cookie/会话,然后仅检查 cookie 或会话数据以了解需要经过身份验证的用户的任何操作。通过正确配置的服务器,身份验证的加密由服务器和客户端浏览器自动处理。
我还建议使用调试代理并在身份验证步骤期间观察服务器的请求/响应。这将向您显示您是否确实拥有安全连接。
In a nutshell, you'll want to configure the web server to use TLS/SSL. It doesn't really matter which server-side language you're using for your site.
In general, the server side scripts will set a cookie/session on successful authentication, and then just check the cookie or session data for any actions that require an authenticated user. With a properly configured server, the encryption of the authentication is handled automatically by the server and the client's browser.
I also recommend using a debugging proxy and watching the requests/responses to and from the server during the authentication steps. This'll show you whether or not you actually have a secure connection.