0

I am wondering if using URLSeassion to make HTTP calls is secure. Specifically, for example if I send out a POST call with a data task using a body of Data coming from a serialized dictionary like this [“name”:”Ken”] in Swift, will the POST call be able to be sniffed? Is the POST going out in a way you can just use Charles for example and read it back?

I thought that using HTTPS would prevent that, but I am not sure how to properly think about this.

zumzum
  • 17,984
  • 26
  • 111
  • 172
  • HTTP is totally sniffable. That is _why_ there is HTTPS. – matt Aug 10 '18 at 01:18
  • Ok, so if I use HTTPS the data can not be “understood”... it’s encrypted during transmission? – zumzum Aug 10 '18 at 01:20
  • 1
    Read the link. That's what it's for... – matt Aug 10 '18 at 01:21
  • With SSL the encryption is at the transport level, so it takes place before a request is sent. HTTPS (HTTP over SSL) sends all HTTP content over a SSL tunel, so HTTP content and headers are encrypted as well. Everything in the HTTPS message is encrypted, including the headers, and the request/response load. – zumzum Aug 10 '18 at 01:21
  • I guess I should have looked into HTTPS before asking this question. I was mainly worried about what URLSession did or didn’t do... – zumzum Aug 10 '18 at 01:22
  • URLSession doesn't "do" anything. It's no different from curl or a browser. It just talks over the network, however you tell it. – matt Aug 10 '18 at 01:42

0 Answers0