Consuming HTTP Services in Python Transcripts
Chapter: Accessing authenticated HTTP services
Lecture: Be cautious with basic authentication
0:01 So let's work with some services that
0:04 require us to supply a username and password.
0:07 This type of authentication is often referred to as basic auth,
0:10 or a basic authentication.
0:13 Now, you need to be very careful when using basic authentication,
0:16 the reason is, it gets sent across to the server,
0:19 if you look at the actual header,
0:21 it looks like it might be encrypted or something,
0:23 but in fact, all it is is just the bytes base64 encoded,
0:26 and there is no encryption there, you can just unencode it
0:29 and it turns out it shows you username and password
0:32 basically in plain text, so for that reason,
0:34 you should only use basic auth over trusted connections,
0:38 so SSL or your VPN maybe, or an intranet,
0:42 VPN, intranet, those are kind of equivalent to the extent that hopefully,
0:46 what I mean is a corporate VPN, a public VPN you are still sending this stuff
0:51 around the internet, it's probably better, in fact,
0:53 I am sure it's better than like sending it through your local coffee shop Wi-Fi
0:57 but still, make sure that this is most of the time I would just say require this
1:00 to be over SSL or something internal if you trust people on the network.