我正在对盐值和密码进行1000次SHA-512哈希。在查询用户信息时,将其返回是否安全?还是应该保护它,仅通过HTTPS使其可用?
例如,如果我发出以下请求:
GET: http://domain.com/users?id=437
它返回:
{"firstName":"Eliot","lastName":"My last name","email":"email@emailplace.com","password":[91,49,-34,77,79,-48,67,-62,-12,84,84,-18,-81,23,-92,-31,74,-28,-80,102,60,35,-102,115,18,-76,20,-90,-8,91,13,23],"authToken":"33c977b1-5ab6-4a8a-8da9-68c8028eff92","id":179}
这是否重要,它被公开了吗?