0

I apologize if this question is real entry level type programmer..

But if I am posting data with the requests package, is the data secure? OR while the http message is 'in the air' between my PC and http bin; could someone intercept/replicate what I am doing?... Basically corrupt my data and create havoc for what I am trying to do...

import time, requests


stuff = {}
stamp = time.time()

data = 120.2

stuff['Date'] = stamp
stuff['meter_reading'] = data

print("sending this dict",stuff)
r = requests.post('https://httpbin.org/post', data=stuff)

print("Status code: ", r.status_code)
print("Printing Entire Post Request")
print(r.text)

With the script above on the level of security would it matter if I am posting to a server that is running http or https? The code above is similar to my real world example (that I run on a rasp pi scheduled task) where I am posting data with a time stamp to an http (Not https) server (flask app on pythonanywhere cloud site) which then saves the data to sql. This data can then be rendered thru typical javacript front end web development...

Thanks for any advice I am still learning how to make this 'secure' on the data transfer from the rasp to to cloud server.. Asking about client side web browsing security to view the data that has already been transferred maybe a totally different question/topic..

TayTay
  • 6,882
  • 4
  • 44
  • 65
bbartling
  • 3,288
  • 9
  • 43
  • 88

2 Answers2

1

This is a question about protocols mainly. The HTTP protocol is less secure as someone can 'listen' to what you are sending over it. That's why you should always use the newer HTTPS protocol, since it uses TLS (encrypted) connection. You can read more about it e.g. here.

Vaclav Pelc
  • 582
  • 6
  • 20
  • So if i post my data to an SSL server URL I should be good to go? (no one could listen on the port?) And there would be nothing I need to change in my script posting the data? (Similar code to what I posted above...) – bbartling Jul 30 '20 at 13:44
  • Thanks for the link. The `man in the middle` attacker is sort of what I was interested to know can hack the data transfer... https://www.cloudflare.com/learning/security/threats/on-path-attack/ – bbartling Jul 30 '20 at 13:46
  • Yes, as @jomccr already said in his answer, it should be safe as long as you use HTTPS requests. – Vaclav Pelc Jul 30 '20 at 15:33
  • Can anyone give me a tip for how to generate https requests? Is this good to replicate? https://stackoverflow.com/questions/53577555/how-do-i-use-python-requests-lib-to-submit-an-https-post-request – bbartling Jul 30 '20 at 16:19
  • The code in your question right now is using HTTPS -- you just need to make sure that the URL you specify has `https://` at the start, and you're good to go. – Giles Thomas Aug 04 '20 at 10:23
0

Requests verifies SSL certificates for HTTPS requests, just like a web browser. By default, SSL verification is enabled, and Requests will throw a SSLError if it’s unable to verify the certificate.

https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification

If you're transmitting data that you do not want others to be able to see, use https. For this use case I can't imagine it would matter too much.

jomccr
  • 1