In the "security chapter" a few days ago, I talked about HTTPS, which uses the SSL/TLS protocol to encrypt the entire communication process. This prevents malicious eavesdropping and tampering and protects our data.
But HTTPS is only a small part of network security. It only guarantees "communication link security", so that a third party cannot learn the transmitted content. It provides no protection at the two ends of the communication link, the client and the server.
Because HTTP is an open protocol and all web services run on the public network where anyone can access them, they naturally become targets for hackers.
Hackers are far more capable than we imagine. Although they cannot manipulate the transmission itself, they can still "impersonate" legitimate users to access the system and then wait for an opportunity to cause damage.