{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Lonely孤独者° 的问题《HTTPS and BASIC authentication》','https://www.manongdao.com/q-201825.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
When I use HTTP BASIC authentication along with HTTPS, are the username and password securely passed to the server?
I would be happy if you can help me with some references.
I mean, it would be great if I can cite StackOverflow Q&A as a reference in, say, assignments, reports, exams, or even in a technical paper. But I think I am not there yet.
Yes, they are passed securely... if a hacker can decrypt your https transaction he can for sure decrypt the base64 user:password...
I know the more rocks you put the harder it takes... but base64 is not for security reasons
If a tool like Fiddler is installed on your local system, it could be used to forward your https transmissions decrypted to a third party. If someone sets it up to do this, they already own your system (either have physical access or full/root access).
yes. if you're using https the conversation with the web server is entirely encrypted.
HTTP Basic Authentication and HTTPS both are different concepts.
Please Note: There is difference between authorization and security. HTTP Basic authorization is an authorization concept it is not security
YES. In your case the HTTP message with username and password will be encrypted and then sent to the server.