Consuming HTTP Services in Python Transcripts
Chapter: Accessing authenticated HTTP services
Lecture: Be cautious with basic authentication

0:01 So let's work with some services that require us to supply a username and password. This type of authentication is often referred to as basic auth,
0:11 or a basic authentication. Now, you need to be very careful when using basic authentication, the reason is, it gets sent across to the server,
0:20 if you look at the actual header, it looks like it might be encrypted or something, but in fact, all it is is just the bytes base64 encoded,
0:27 and there is no encryption there, you can just unencode it and it turns out it shows you username and password
0:33 basically in plain text, so for that reason, you should only use basic auth over trusted connections, so SSL or your VPN maybe, or an intranet,
0:43 VPN, intranet, those are kind of equivalent to the extent that hopefully, what I mean is a corporate VPN, a public VPN you are still sending this stuff
0:52 around the internet, it's probably better, in fact, I am sure it's better than like sending it through your local coffee shop wi-fi
0:58 but still, make sure that this is most of the time I would just say require this
1:01 to be over SSL or something internal if you trust people on the network.

