basic auth request
Jon Ribbens
jon+usenet at unequivocal.eu
Tue Aug 17 17:47:33 EDT 2021
On 2021-08-17, Barry <barry at barrys-emacs.org> wrote:
>> That's usually irrelevant, since the alternative is most likely to be
>> form fill-out, which is exactly as secure. If you're serving over
>> HTTPS, the page is encrypted, and that includes the headers; if you're
>> not, then it's not encrypted, and that includes the form body.
>
> There is digest and Ntlm that do not reveal the password.
That's only true if you're not using HTTPS - and you should *never*
not be using HTTPS, and that goes double if forms are being filled
in and double again if passwords are being supplied.
More information about the Python-list
mailing list