- 2011.02.07
0 comentarios
¿Encripta HTTPS también las URLs?
Vale que para el que lo sepa será una tontá de pregunta, pero a mi me ha venido bien saber que:
The entire URL will be encrypted. When the web browser connects to the server, it connects to the appropriate IP address, starts encryption, and then sends the request (hostname, URL, parameters, form contents, etc.).
Note that the DNS lookup will not be encrypted, so anyone looking at your traffic can tell that you looked the domain up, even if they can’t tell what you sent or what came back. This may or may not be important in your case.
Everything in the HTTP message is encrypted, including the headers, and the request/response load. With the exception of the possible CCA cryptographic attack described in limitations section below, the attacker can only know the fact that a connection is taking place between the two, known to him, parties; the domain name and IP addresses
Vamos, que si, que primero se resuelve el dominio y una vez establecida la relación de confianza, se envÃa todo, todito, encriptado.
Ahora… pasar una contraseña en la URL por mucho que vaya encriptada sigue dando respeto como poco.
- En programación
- Tags: encriptación, https, seguridad,
