Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I found on Assembla’s webhook tool possibility to integrate with twitter. To do this assembla uses such url:
http://username:password@twitter.com/statuses/update.xml
How twitter handles that kind of URL? Is this some standard? Does it require some special logic to perform login when someone POST data for URL with username:password? How can it be done in some web frameworks like RoR or Django?
Is this type of passing authentication data secure? (looks like not but maybe I’m missing something)
Its called Basic Authentication, supported by all the major browsers. It’s also very insecure using HTTP.
Here is a link to a Django implementation that adds Basic Auth to its security authentication chain.
link
EDIT: Basic Auth is considered secure when using HTTPS but has other issues, it is the lowest common denominator when it comes to authentication but not ideal in a lot of situations.