Bruno Pedro


Still using HTTP Basic Auth?

Great article by Steve Graham about why you should stop using HTTP Basic Auth immediately!

As well as being tremendously simple, HTTP Basic by itself is also tremendously insecure, i.e. it is implemented by simply Base64 encoding the username and password concatenated with a colon “:” character. It then follows that HTTP Basic should only be used, if at all, over securely encrypted connections.

Original article: WHY THE HELL DOES YOUR API STILL USE HTTP BASIC AUTH?
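To make the quoted point concrete, here is an added example (not code from this post or from Steve Graham's article) that builds a Basic `Authorization` value and then recovers the credentials from it without any key, plus a client-side guard that only allows Basic over HTTPS. The function names, the sample credentials and the `api.example.test` URL are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import urlsplit


def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization value as a client does: Base64("user:pass")."""
    if ":" in username:
        # The first colon is the separator, so the user-id cannot contain one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def recover_credentials(header_value: str) -> tuple[str, str]:
    """Recover (username, password) from a header value. No secret is needed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic credential")
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("token is not valid Base64") from exc
    # Split on the FIRST colon only: passwords may contain colons.
    username, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


def safe_to_send_basic(url: str) -> bool:
    """Client-side guard: attach Basic credentials only to https:// URLs."""
    return urlsplit(url).scheme.lower() == "https"


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    header = build_basic_header("alice", "s3cr3t:with:colons")
    print("Sent on the wire :", header)
    print("Read by anyone   :", recover_credentials(header))
    for url in ("http://api.example.test/v1", "https://api.example.test/v1"):
        print(url, "-> send Basic?", safe_to_send_basic(url))
```

Anything that logs or proxies the request in cleartext (access logs, debugging proxies, packet captures) sees the same recoverable value, which is why the header should be redacted in logs even when TLS is in use.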