禁止第三方读取硬件

When you’re securely visiting a website via https:// the data sent between the server and your browser is encrypted but what about the URLs you’re visiting within the site? Can your ISP or other third party observer see what you’re looking at?

当您通过https：//安全访问网站时，服务器和浏览器之间发送的数据已加密，但是您在网站内访问的URL呢？ 您的ISP或其他第三方观察者可以看到您在看什么吗？

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

今天的“问答”环节由SuperUser提供，它是Stack Exchange的一个分支，该社区是由社区驱动的Q＆A网站分组。

问题 (The Question)

An anonymous SuperUser reader wants to know if their browsing sessions are completely secure:

匿名的SuperUser阅读器想要知道他们的浏览会话是否完全安全：

We all know that HTTPS encrypts the connection between the computer and the server so that it cannot be viewed by a third party. However, can the ISP or a third party see the exact link of the page the user accessed?

我们都知道HTTPS加密计算机和服务器之间的连接，以使第三方无法查看它。 但是，ISP或第三方能否看到用户访问的页面的确切链接？

For example, I visit:

例如，我访问：

https://www.website.com/data/abc.html

https://www.website.com/data/abc.html

Will the ISP know that I accessed */data/abc.html or just know that I visited the IP of www.website.com?

ISP是否会知道我已访问* / data / abc.html或仅知道我已访问www.website.com的IP？

If they know, then why does Wikipedia and Google have HTTPS when someone can just read the internet logs and find out the exact content the user viewed?

如果他们知道，那么当人们仅能阅读Internet日志并找出用户查看的确切内容时，为什么Wikipedia和Google具有HTTPS？

An interesting question that certainly has implications for personal privacy. Let’s investigate.

一个有趣的问题肯定会对个人隐私产生影响。 让我们调查一下。

答案 (The Answer)

SuperUser contributor Grawity offers a very concise overview of how the full URL is processed along the way:

超级用户贡献者Grawity简要概述了完整URL的处理方式：

From left to right:

从左到右：

The schema https: is, obviously, interpreted by the browser.

模式 https:显然是由浏览器解释的。

The domain name www.website.com is resolved to an IP address using DNS. Your ISP will see the DNS request for this domain, and the response.

使用DNS将域名 www.website.com解析为IP地址。 您的ISP 将看到该域的DNS请求和响应。

The path /data/abc.html is sent in the HTTP request. If you use HTTPS, it will be encrypted along with the rest of the HTTP request and response.

路径 /data/abc.html是在HTTP请求中发送的。 如果使用HTTPS，它将与其他HTTP请求和响应一起被加密 。

The query string ?this=that, if present in the URL, is sent in the HTTP request – together with the path. So it’s also encrypted.

查询字符串 ?this=that (如果存在于URL中)将与路径一起在HTTP请求中发送。 因此它也是加密的。

The fragment #there, if present, is not sent anywhere – it’s interpreted by the browser (sometimes by JavaScript on the returned page).

#there 片段 (如果存在)不会发送到任何地方-由浏览器解释(有时由返回页面上JavaScript解释)。

In short, everything to the right of the domain name is encrypted by the HTTPS session and remains invisible to your ISP or anyone else peeking in your activities.

简而言之，域名右边的所有内容均由HTTPS会话加密，并且对您的ISP或其他窥视您的活动的人仍然不可见。

Have something to add to the explanation? Sound off in the the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out .

有什么补充说明吗？ 在评论中听起来不对。 是否想从其他精通Stack Exchange的用户那里获得更多答案？ 查看 。

翻译自:

禁止第三方读取硬件