cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Digest vs. Basic Authentication: Password sent in clear?

From: Daniel Beardsmore <public_at_telcontar.net>
Date: Sun, 18 Mar 2007 02:12:25 +0000

Jerry Krinock wrote:
> ... but when I sniff network traffic using tcpdump, I do not see
> my password in either case. I expect to see my password when using Basic
> Authentication. Why might I not see my password? Maybe my curl invocations
> are wrong, or I don't know how to interpret tcpflow?

Basic auth uses a base64-encoded string of the form "user:pass". Clearly, in
this case, it really did keep your password safe, but it's not safe from anyone
who reads the HTTP spec ...
Received on 2007-03-18

This message: [ Message body ]
Next message: Daniel Beardsmore: "Re: Digest vs. Basic Authentication: Password sent in clear?"
Previous message: Jerry Krinock: "Re: Digest vs. Basic Authentication: Password sent in clear?"
In reply to: Jerry Krinock: "Re: Digest vs. Basic Authentication: Password sent in clear?"
Next in thread: Daniel Beardsmore: "Re: Digest vs. Basic Authentication: Password sent in clear?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]