Is everything encrypted when I use curl -X Post with https?

Tags: curl, https

I'm starting to use the bitbucket API with OAuth and use curl to interact with the API. Most of my calls look like

curl -X POST -v -H "Authorization: Bearer 1U(...)42eQ==" -H "Content-Type: application/json" https://api.bitbucket.org/2.0/repositories/UserFoo/test_create -d '{"scm": "git", "is_private": "true", "fork_policy": "no_public_forks" }'

or

curl -X POST -v  -u "UserFoo:TopSecret" https://api.bitbucket.org/2.0/repositories/UserFoo

As I use POST and https I assume that it's secure if I also send my password in the second command. But I just started with curl so I'd be happy if someone with more experience could confirm that.

FooTheBar asked Jan 08 '16 16:01


1 Answer

Yes, as long as you use HTTPS, the connection and the data transferred are encrypted.

Of course, while the communication between you and the server is encrypted, if you are seriously concerned about security, you need to make sure your authentication data is not exposed anywhere on your side (e.g. in the source code).

Moreover, you should prefer the OAuth bearer token over the username/password, as OAuth tokens are generally designed to have more restricted access to the account (compared to username/password) and can easily be revoked without affecting other tokens.

Simone Carletti answered Oct 12 '22 11:10
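One way to keep the bearer token from being exposed on the client side, as the answer advises: this is an added example, not part of the original question or answer. It passes the token to curl through a private config file (`--config`) so it never appears in the process list or shell history; the token file, the function names and the `CURL` override are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. The token file and the CURL
# override variable are hypothetical; the URL and JSON body are the ones
# used in the question.

# Write a curl config file holding the Authorization header; print its path.
# The token is read from a file, so it never shows up in argv (ps,
# /proc/<pid>/cmdline) or in shell history.
make_curl_config() {
    local token_file=$1 token cfg
    token=$(cat "$token_file") || return 1
    # Accept only RFC 6750 b64token characters. A quote or newline in the
    # token could otherwise inject extra config directives or headers.
    case $token in
        ''|*[!A-Za-z0-9._~+/=-]*) echo "invalid token" >&2; return 1 ;;
    esac
    cfg=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    printf 'header = "Authorization: Bearer %s"\n' "$token" > "$cfg"
    printf '%s\n' "$cfg"
}

# Create the repository from the question. Only the config file path is on
# the command line. Set CURL=echo for a dry run that prints the arguments.
create_repo() {
    local cfg=$1
    "${CURL:-curl}" --silent --show-error --fail --config "$cfg" \
        -X POST -H "Content-Type: application/json" \
        -d '{"scm": "git", "is_private": "true", "fork_policy": "no_public_forks"}' \
        https://api.bitbucket.org/2.0/repositories/UserFoo/test_create
}

# Usage (token file path is a placeholder):
#   cfg=$(make_curl_config "$HOME/.config/bitbucket/token") && create_repo "$cfg"
#   rm -f "$cfg"
```

Avoid adding `-v` to calls like this in shared terminals or CI logs, since verbose output prints the request headers, including `Authorization`.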