http-basic-auth – Page 3 – WindowsTechs.com

Why image resources loaded from different origins triggers HTTP authentication dialogs would be harmful?

Posted on September 5, 2019 by Rick

From https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication, it says:

A potential security hole that has recently been fixed by browsers is
authentication of cross-site images. From Firefox 59 onwards, image
… Continue reading Why image resources loaded from different origins triggers HTTP authentication dialogs would be harmful?→

Any downside to using basic authentication over HTTPS in addition to native authentication?

Posted on August 18, 2019 by Mihai Nagy

Can basic authentication over HTTPS do any harm on a personal one-user server if used in addition to native authentication provided by individual web applications?

Continue reading Any downside to using basic authentication over HTTPS in addition to native authentication?→

Using Digest Authentication to fix TLS/PKI? Patents?

Posted on June 26, 2019 by Tuntable

TLS/PKI guarantees that the domain name as normally displayed in the URL in a browser is the one that is being communicated with. Which is completely useless in practice because users do not actually confirm that the domain … Continue reading Using Digest Authentication to fix TLS/PKI? Patents?→

Implementing generic login for Zap

Posted on June 24, 2019 by postoronnim

I need to build an automated tool that will be able to login to any website supporting basic auth to perform an authenticated scan with OWASP Zap (credentials provided). Here is what I have in mind: using python requests libr… Continue reading Implementing generic login for Zap→

REST API Basic Authentication Use Case

Posted on June 6, 2019 by lianc

I’m developing REST APIs and would like to know if Basic Authentication will be enough to secure them, or if I should be looking into other authentication methods, like OAuth2. My APIs are setup to only be accessed by a limit… Continue reading REST API Basic Authentication Use Case→

Firefox not deleting HTTP Basic authentication credentials although being instructed to do so

Posted on September 1, 2018 by Binarus

On one of my web servers, I have set up a password-protected directory using the well-known .htaccess / .htpasswd mechanism. The web server is run by Apache 2.4.10 under Debian jessie, if that matters. The relevant snippet from the virtual… Continue reading Firefox not deleting HTTP Basic authentication credentials although being instructed to do so→

How to prevent popping up a login dialogue using a malicious hotlinked image and HTTP Basic Auth header?

Posted on April 6, 2014 by user3196332

While using Firefox to browse my forums, I noticed that a malicious user posted an image (via hotlinking, not by uploading to my server) with the extension .png which complies with the forum rules (allowing only .png, .gif, …. Continue reading How to prevent popping up a login dialogue using a malicious hotlinked image and HTTP Basic Auth header?→

HTTP Basic Auth is enough?

Posted on June 17, 2013 by Leandro Garcia

I have WebSVN, Gitlab and phpMyAdmin hosted on my dev server. Now, all of it, I password protect the pages (not their individual login) using HTTP Basic Auth, is this the best practice that I can do?

Continue reading HTTP Basic Auth is enough?→

Is BASIC-Auth secure if done over HTTPS?

Posted on December 5, 2010 by morten

I’m making a REST-API and it’s straight forward to do BASIC auth login. Then let HTTPS secure the connection so the password is protected when the api is used.

Can this be considered secure?

Continue reading Is BASIC-Auth secure if done over HTTPS?→