basic auth request
Chris Angelico
rosuav at gmail.com
Tue Aug 17 14:22:50 EDT 2021
On Wed, Aug 18, 2021 at 4:16 AM Barry Scott <barry at barrys-emacs.org> wrote:
> Oh and if you have the freedom avoid Basic Auth as its not secure at all.
>
That's usually irrelevant, since the alternative is most likely to be
form fill-out, which is exactly as secure. If you're serving over
HTTPS, the page is encrypted, and that includes the headers; if you're
not, then it's not encrypted, and that includes the form body.
There are other issues with basic auth, but security really isn't one.
ChrisA
More information about the Python-list
mailing list