AppScan vulnerability scan: Unencrypted Login Request (AppScan's Chinese label: 已解密的登录请求)



Finding: AppScan reports this when the login form submits the username and password over plain HTTP, so anyone on the network path can read the credentials.

Solution:

Serve the login page and the login POST over HTTPS, and make sure there is no HTTP fallback.

1. Generate a certificate. The command below creates a self-signed RSA key pair under the alias uc in a Java keystore; keytool prompts for the keystore password and the subject's distinguished name.

keytool -genkey -alias uc -keyalg RSA -keystore F:uc.keystore -validity 36500

Answer the first prompt (CN) with the hostname users will actually type, otherwise browsers reject the certificate even when they trust it. Pass -keysize 2048 explicitly so the key size does not depend on the JDK default. -validity 36500 is 100 years, which is fine for a scanner re-test but not for production: a self-signed certificate clears the finding yet still produces a browser warning, so for real deployments use a certificate issued by a CA your clients trust. Remember the keystore password and path; the Tomcat connector must use the same values.

2. Configure Tomcat (version 8.0). Add an HTTPS connector to conf/server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/usr/local/tomcat/conf/tomcat.keystore" keystorePass="123456"
           ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" />

keystoreFile must point to the keystore generated in step 1 (the command above writes F:uc.keystore, the connector reads /usr/local/tomcat/conf/tomcat.keystore; pick one consistent path) and keystorePass must be the password entered at the prompt; if the keystore holds more than one entry, add keyAlias="uc". Two things in this connector are worth tightening: sslProtocol="TLS" on its own still lets the JSSE connector negotiate TLS 1.0 and 1.1, so add sslEnabledProtocols="TLSv1.2"; and the cipher list is entirely CBC suites and includes the TLS_RSA_* suites, which give no forward secrecy, so prefer ECDHE suites with AES-GCM when running on Java 8.

3. Disable HTTP. Remove or comment out the port 8080 HTTP/1.1 connector in server.xml so the login request cannot be sent in clear text at all. If plain HTTP has to stay open for redirects, keep redirectPort="8443" on it and add a security-constraint with transport-guarantee CONFIDENTIAL to the application's web.xml, so Tomcat redirects any HTTP request to HTTPS before the form is ever served. Then re-run the AppScan test against the https:// URL and confirm that an http:// request to the login path is refused or redirected.
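The three steps above, combined into one server.xml excerpt for Tomcat 8.0 on Java 8. This is an added example, not the original post's configuration: the keystore path, password and alias are assumptions standing in for the values chosen in step 1, and the HTTP connector is shown commented out rather than redirecting.

```xml
<!-- conf/server.xml excerpt (added example, not the page's own config).
     Assumes the keystore from step 1 was copied to conf/uc.keystore,
     that its password is CHANGE_ME and that the key alias is uc. -->

<!-- Step 3: plain HTTP connector removed so no login request can go out in clear text.
     If it must stay for redirects, uncomment it and pair it with a CONFIDENTIAL
     transport-guarantee in the application's web.xml. -->
<!--
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
-->

<!-- Step 2, hardened: TLS 1.2 only, forward-secret ECDHE suites with AES-GCM,
     server-side cipher order enforced (useServerCipherSuitesOrder needs Tomcat 8.0.21+). -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           sslEnabledProtocols="TLSv1.2"
           keystoreFile="${catalina.base}/conf/uc.keystore"
           keystorePass="CHANGE_ME"
           keyAlias="uc"
           ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
           useServerCipherSuitesOrder="true" />
```

Keeping the password in server.xml is what the original post does as well; restrict the file's permissions to the Tomcat user, and do not reuse 123456 or the placeholder above. After restarting Tomcat, a request to http://host:8080/login should fail to connect, and https://host:8443/login should negotiate TLS 1.2 with one of the listed suites, which is exactly what AppScan checks for this finding.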