Collaborate Disseminate
In a header you can have—for example—"Authorization: Basic " xor "Authorization: Bearer ".
If I use my Bearer token as Basic, then can this endpoint double as a give me fresh tokens for this access token"?
https://… Continue reading Bearer token in header as Basic token? – Does that violate the RFC6749 spec?
I have my home network behing a nginx reverse proxy (a Docker container) which is configured to use 4th level domains to reach some of my services I need to open up to the Internet. Some of them require extra HTTPS basic authentication to … Continue reading Is a weak appliance behind a reverse proxy affecting the security of the home network?
I’ve read questions targeting the usage of basic authentication over HTTPS. Since the connection is already secure, except e.g. a compromised certificate, communication should be rather safe.
But I work in a research project where HTTPS mi… Continue reading Using asymmetric encryption as authentication over HTTP?
I know I might take a lot of flack for asking this basic question, but I hope you’ll be patient with me. I was looking at a few websites and analyzing the payload when sending a POST request to login.
ON GitHub, for example, I can see both… Continue reading How to detect web account vulnerability [duplicate]
I work for a software company and I’m currently doing research for an enhancement request. Essentially we have a application client which talks to a rest end point which is authenticated using basic authentication over SSL. A client is re… Continue reading Basic authentication after mTLS?
Due to several customer reasons our product needs to support Basic Auth as primary authentication mechanism with client’s service account.
We are using Bcrypt to store customer’s password in our DB, however Bcrypt (combined with Basic Auth… Continue reading Best secure approach with Basic Auth
As per my understanding both JWT and Basic Auth used to store login credentials on client side and avoid sessions for better scalability. I understand with Basic Auth login credentials will be sent along with each request which is a secur… Continue reading What are the advantages of using JWT over Basic Auth with Https?
I’m testing a REST API.
To get the access-token and refresh-token you need first to authenticate using Basic Authentication with user and password.
Then you get access-token and refresh-token pair and you can use the first to interact with… Continue reading Can be this considered token race condition vulnerability?
I have been looking for cloud based proxies, and I notice that it’s very common to authenticate to a proxy using basic auth over an unencrypted connection. I don’t understand why this is considered acceptable.
Is proxy authentication diffe… Continue reading Is basic HTTP proxy authentication secure?
I have an API that is handling a lot of volume and is using Basic authorization. This is causing me some performance issues and I’d like to move to token based auth but for various reasons, including problems forcing integrated parties to … Continue reading Is caching the credentials hash and auth result secure?