I building a service which be served via https.
I would like to know if password (or any specific key) transmitted in curl option CURLOPT_USERPWD are safe when data is “over the wire” ?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I building a service which be served via https.
I would like to know if password (or any specific key) transmitted in curl option CURLOPT_USERPWD are safe when data is “over the wire” ?
ALL data send via HTTPS is encrypted. This means that it is very difficult (but not impossible) for anyone between the server and the client to view the raw data of the request.
If you want to fully understand the potential ramifications of using HTTP basic auth, you should fully understand how it works.
Since HTTP is a plain text protocol, it is very insecure. HTTPS is simply HTTP using an encrypted socket – which means that the request/response format itself is completely unchanged. If you can view the plain-text version of the request, you can glean from it whatever information you like. But, using SSL/TLS makes it very difficult to view the plain-text version.
HTTP Basic auth is inherently vulnerable to man-in-the-middle attacks and should never be used over an unencrypted connection, but using HTTPS makes it fairly safe. The only consideration is that the server will be able to view the password in plain text – if you don’t want this to happen, you should use Digest auth, HTTPS or otherwise.