curl-users

Re: Digest vs. Basic Authentication: Password sent in clear?

From: Daniel Beardsmore <public_at_telcontar.net>
Date: Sun, 18 Mar 2007 02:12:25 +0000

Jerry Krinock wrote:
> ... but when I sniff network traffic using tcpdump, I do not see
> my password in either case. I expect to see my password when using Basic
> Authentication. Why might I not see my password? Maybe my curl invocations
> are wrong, or I don't know how to interpret tcpflow?

Basic auth uses a base64-encoded string of the form "user:pass". Clearly, in
this case, it really did keep your password safe, but it's not safe from anyone
who reads the HTTP spec ...
Received on 2007-03-18
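
What the base64 "user:pass" string described in the reply looks like in sniffed request text, and how directly it decodes, as an added example that is not part of the original message. The capture text, host name, user name, password and the function name `find_credentials` are all constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample of sniffed HTTP request text (not from the original thread).
# The Basic value is base64 of "jerry:s3cr:t"; the Digest values are made up.
SAMPLE_CAPTURE = (
    "GET /private/ HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "Authorization: Basic amVycnk6czNjcjp0\r\n"
    "\r\n"
    "GET /private/ HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    'Authorization: Digest username="jerry", realm="test", nonce="abc123", '
    'uri="/private/", response="0123456789abcdef0123456789abcdef"\r\n'
    "\r\n"
)

# Header names and scheme names are case-insensitive in HTTP.
AUTH_RE = re.compile(r"^Authorization:[ \t]*(\S+)[ \t]+(.*)$", re.I | re.M)


def find_credentials(capture):
    """Report what each Authorization header in captured text discloses."""
    findings = []
    for match in AUTH_RE.finditer(capture):
        scheme, value = match.group(1).lower(), match.group(2).strip()
        if scheme == "basic":
            try:
                decoded = base64.b64decode(value, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                findings.append({"scheme": "basic", "error": "undecodable"})
                continue
            # Only the first colon separates user from password;
            # the password itself may contain further colons.
            user, _, password = decoded.partition(":")
            findings.append({"scheme": "basic", "user": user, "password": password})
        elif scheme == "digest":
            # Digest carries the user name and a hash ("response"), never the password.
            params = dict(re.findall(r'(\w+)="?([^",]*)"?', value))
            findings.append({"scheme": "digest", "user": params.get("username"),
                             "password": None, "response": params.get("response")})
    return findings


if __name__ == "__main__":
    for finding in find_credentials(SAMPLE_CAPTURE):
        print(finding)
```

The password never appears as literal text in the Basic request, which is why searching a capture for it finds nothing, yet it is recovered by a plain base64 decode with no key involved.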