web接口加密保证安全_什么是HTTPS？安全的Web浏览和浏览器加密指南

最新推荐文章于 2023-05-03 20:34:38 发布

cumian8165

最新推荐文章于 2023-05-03 20:34:38 发布

阅读量843

点赞数

文章标签： http https java 安全网络

原文链接：https://www.freecodecamp.org/news/what-is-https-a-guide-to-secure-web-browsing-and-browser-encryption/

版权

web接口加密保证安全

You may have noticed the "https" at the beginning of a URL. Or you may have noticed a lock in the URL bar of your browser.

您可能已经注意到URL开头的“ https”。或者您可能已经注意到浏览器的URL栏中有一个锁定。

What does "https" mean? What does the lock icon in your browser mean? These things are key to secure web browsing. In this article, you will learn all about secure web browsing and browser encryption.

“ https”是什么意思？浏览器中的锁定图标是什么意思？这些都是确保Web浏览安全的关键。在本文中，您将学习有关安全Web浏览和浏览器加密的所有信息。

The "S" in "HTTPS" stands for Secure. Let's first learn what HTTP" is.

“ HTTPS”中的“ S”代表Secure 。让我们首先学习什么是HTTP“。

什么是HTTP？ (What is HTTP?)

HTTP (which stands for HyperText Transfer Protocol) is a network protocol. It tells web browsers how to connect to web pages and other documents across the internet. It is connectionless, which means that a new connection is made every time a browser has to load a new file or element.

HTTP(代表超文本传输协议)是一种网络协议。它告诉Web浏览器如何通过Internet连接到网页和其他文档。它是无连接的，这意味着每次浏览器必须加载新文件或元素时都会建立新连接。

If you type a website URL into your browser, the browser will send an HTTP request to the server hosting the website. The server will then send back the requested web page, sending each part (i.e. images, text, styles) separately.

如果在浏览器中键入网站URL，浏览器将向托管该网站的服务器发送HTTP请求。然后，服务器将发回请求的网页，分别发送每个部分(即图像，文本，样式)。

There is a major problem with HTTP, however. The information transmitted using the HTTP is not encrypted at all. Anyone that knows how can watch the traffic and see all the data transmitted. That includes usernames and passwords!

但是，HTTP存在一个主要问题。使用HTTP传输的信息完全未加密。任何知道如何查看流量并查看所有传输数据的人。其中包括用户名和密码！

HTTPS secures and encrypts the entire process.

HTTPS保护和加密整个过程。

什么是HTTPS？ (What is HTTPS?)

HTTPS (HypterText Transfer Protocal Secure) ensures secure communication between a browser and web server. It encrypts every data packet sent using either SSL or TLS encryption. Without this additional security, any information you enter into a site will be sent in plaintext and could potentially be seen by someone trying to hack your data.

HTTPS(超文本传输协议安全)可确保浏览器与Web服务器之间的安全通信。它使用SSL或TLS加密对发送的每个数据包进行加密。没有这种额外的安全性，您输入到站点的任何信息都将以纯文本形式发送，并且可能会被试图入侵您的数据的人看到。

TLS is newer and more secure than SSL, and is what most HTTPS sites use. TLS will make sure both parties are who they say they are. It also makes sure the data sent has not been tampered with.

TLS比SSL更新，更安全，这是大多数HTTPS站点所使用的。 TLS将确保双方都是他们所说的人。它还可以确保发送的数据未被篡改。

TLS uses asymmetric encryption to create a link between the user and the server using private/public keys. These key are like a lock and key set. One encrypts the data with a lock and the person decrypts the data with a key.

TLS使用非对称加密使用私钥/公钥在用户和服务器之间创建链接。这些钥匙就像锁和钥匙组。一个人用一把锁加密数据，而人用一把钥匙解密数据。

The servers switch to symmetric encryption after the session begins because it is faster and can transmit larger amounts of data. Instead of using a public/private key, symmetric encryption uses a shared secret. It is like talking to someone in a room that no one else knows about. Since the room is secret, you don't have to worry that other people will be in the room and hear what you are talking about.

会话开始后，服务器将切换到对称加密，因为它速度更快并且可以传输大量数据。对称加密不是使用公用/专用密钥，而是使用共享机密。就像在一个没人知道的房间里和某人说话。由于会议室是秘密的，因此您不必担心其他人会在会议室中并听到您在说什么。

Most sites today use HTTPS instead of HTTP since there are major advantages and few disadvantages.

如今，大多数站点使用HTTPS而不是HTTP，因为它具有主要的优点和缺点。

Before submitting any confidential information such as passwords, you should always make sure the site is using HTTPS.

在提交任何机密信息(例如密码)之前，您应始终确保该站点正在使用HTTPS。

Most web browsers will show a lock icon to the left of the URL to indicate the site is secure. Also, most browsers will also warn users with a 'not secure' warning in the site is not using HTTPS.

大多数网络浏览器会在URL的左侧显示一个锁定图标，以指示该站点是安全的。此外，大多数浏览器还会在站点未使用HTTPS时向用户发出“不安全”警告，警告用户。

虚拟专用网 (Virtual Private Networks)

Even with HTTPS enabled, ISPs will still know what websites you’re visiting, even if they don’t know what you’re doing there.

即使启用了HTTPS，ISP也仍然知道您正在访问的网站，即使他们不知道您在做什么。

And just knowing where you’re going — the “metadata” of your web activity — gives ISPs a lot of information they can sell.

仅知道您要去往何处(网络活动的“元数据”)，即可为ISP提供很多可以出售的信息。

So if you want to take security to the next level, consider using a Virtual Private Network (VPN). VPNs will encrypt everything, including what websites you visit. For more info on VPNs and how to set one up, check out this article by Quincy Larson.

因此，如果您想将安全性提高到一个新的水平，请考虑使用虚拟专用网(VPN)。 VPN将加密所有内容，包括您访问的网站。有关VPN以及如何设置的更多信息，请查看Quincy Larson的这篇文章。