Commit

Basic auth on HTTPS is OK. (elsewhencode#79)
Mohamed3on authored and Vahid Panjganj committed Jul 28, 2017
1 parent 7880278 commit 4796211
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -660,7 +660,7 @@ The **client app did something wrong** or The **API did something wrong**.
### 9.2 API security
These are some basic security best practices:
* Don't use basic authentication. Authentication tokens must not be transmitted in the URL: `GET /users/123?token=asdf....`
* Don't use basic authentication unless over a secure connection (HTTPS). Authentication tokens must not be transmitted in the URL: `GET /users/123?token=asdf....`
_Why:_
> Because Token, or user ID and password are passed over the network as clear text (it is base64 encoded, but base64 is a reversible encoding), the basic authentication scheme is not secure. [read more...](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
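Review bot: the _Why:_ quote directly under the changed bullet still says flatly that "the basic authentication scheme is not secure", which now contradicts the new wording that permits it over HTTPS. Suggest qualifying the rationale in the same commit, for example by saying that the credentials are only base64 encoded and therefore readable on the wire unless the connection is HTTPS. The bullet also joins two separate rules in one line: the token-in-URL rule holds regardless of HTTPS, since URLs end up in server logs and browser history, so moving `GET /users/123?token=asdf....` into its own bullet would keep the new "unless over a secure connection" clause from being read as covering it.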