basic auth request
Barry
barry at barrys-emacs.org
Tue Aug 17 17:15:09 EDT 2021
> On 17 Aug 2021, at 19:25, Chris Angelico <rosuav at gmail.com> wrote:
>
> On Wed, Aug 18, 2021 at 4:16 AM Barry Scott <barry at barrys-emacs.org> wrote:
>> Oh and if you have the freedom avoid Basic Auth as its not secure at all.
>>
>
> That's usually irrelevant, since the alternative is most likely to be
> form fill-out, which is exactly as secure. If you're serving over
> HTTPS, the page is encrypted, and that includes the headers; if you're
> not, then it's not encrypted, and that includes the form body.
There is digest and Ntlm that do not reveal the password.
If you are over TLS then form or base is as good as each other.
Barry
>
> There are other issues with basic auth, but security really isn't one.
>
> ChrisA
> --
> https://mail.python.org/mailman/listinfo/python-list
>
More information about the Python-list
mailing list