Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTPS and BASIC authentication

Tags:

When I use HTTP BASIC authentication along with HTTPS, are the username and password securely passed to the server?

I would be happy if you can help me with some references.

I mean, it would be great if I can cite StackOverflow Q&A as a reference in, say, assignments, reports, exams, or even in a technical paper. But I think I am not there yet.

like image 377
Afriza N. Arief Avatar asked Aug 12 '10 03:08

Afriza N. Arief

People also ask

Does basic authentication work with HTTPS?

Security. The BA mechanism does not provide confidentiality protection for the transmitted credentials. They are merely encoded with Base64 in transit and not encrypted or hashed in any way. Therefore, basic authentication is typically used in conjunction with HTTPS to provide confidentiality.

What is HTTPS authentication?

HTTPS Client Authentication is a more secure method of authentication than either basic or form-based authentication. It uses HTTP over SSL (HTTPS), in which the server authenticates the client using the client's Public Key Certificate (PKC).

What is SSL basic authentication?

SSL authentication stands for Secure Sockets Layer and is a protocol for creating a secure connection for user-server interactions. All web interactions involve both a server and a user. Users often enter or have sensitive, personal information on sites that leave people and systems vulnerable.

2 Answers

yes. if you're using https the conversation with the web server is entirely encrypted.

like image 138
Don Dickinson Avatar answered Oct 11 '22 14:10

Don Dickinson

HTTP Basic Authentication and HTTPS both are different concepts.

  • In HTTP Basic Authentication username and password are sent in clear text (In HTTP Digest Authorization password is sent in base64 encoded using MD5 algorithm)
  • Whereas HTTPS is completely different functionality, here complete message is encrypted based on keys and SSL certificate.

Please Note: There is difference between authorization and security. HTTP Basic authorization is an authorization concept it is not security

YES. In your case the HTTP message with username and password will be encrypted and then sent to the server.

like image 26
Alam Avatar answered Oct 11 '22 15:10

Alam
Sign in to Comment

Related questions

Convert BMP to PNG in memory for Clipboard pasting in .Net
postfix and prefix increment operator in a for loop [duplicate]
Best way to determine mime type of a file in java? [duplicate]
How to loop on field names of a class
Correct usage of HTML5 `figure` and `aside`
Language or package for drawing geometric diagrams
Splitting a list of dictionaries into several lists of dictionaries
join two or more data frames in system R
How to generate a permutations or combinations of n rows in m columns?
Detect UDID spoofing on the iPhone at runtime
Rendering Layouts with Backbone.js
How to get parameters from PreparedStatement?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!