Consuming HTTP Services in Python Transcripts
Chapter: Accessing authenticated HTTP services
Lecture: Be cautious with basic authentication
0:01
So let's work with some services that require us to supply a username and password. This type of authentication is often referred to as basic auth,
0:11
or a basic authentication. Now, you need to be very careful when using basic authentication, the reason is, it gets sent across to the server,
0:20
if you look at the actual header, it looks like it might be encrypted or something, but in fact, all it is is just the bytes base64 encoded,
0:27
and there is no encryption there, you can just unencode it and it turns out it shows you username and password
0:33
basically in plain text, so for that reason, you should only use basic auth over trusted connections, so SSL or your VPN maybe, or an intranet,
0:43
VPN, intranet, those are kind of equivalent to the extent that, hopefully, what I mean is a corporate VPN; a public VPN, you are still sending this stuff
0:52
around the internet, it's probably better, in fact, I am sure it's better than like sending it through your local coffee shop Wi-Fi
0:58
but still, make sure that this is most of the time I would just say require this
1:01
to be over SSL or something internal if you trust people on the network.