Is basic access authentication secure?

http basic-authentication
Nathan Osman picture Nathan Osman · Jul 24, 2010 · Viewed 34.7k times · Source

Using Apache, it is quite simple to set up a page that uses basic access authentication to prompt a user for a name/password and use those credentials in some way to grant access to that user.

Is this secure, assuming the connection between the client and server is secure?

Answer

Chris Diver picture Chris Diver · Jul 24, 2010

The worry about basic auth is that the credentials are sent as cleartext and are vulnerable to packet sniffing, if that connection is secured using TLS/SSL then it is as secure as other methods that use encryption.

Related questions

How to define the basic HTTP authentication using cURL correctly?

I'm learning Apigility (Apigility docu -> REST Service Tutorial) and trying to send a POST request with basic authentication via cURL: $ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/…

Read More
What is the "realm" in basic authentication

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header? header('WWW-Authenticate: Basic realm="My Realm"'); Is it the page …

Read More
How to log out user from web site using BASIC authentication?

Is it possible to log out user from a web site if he is using basic authentication? Killing session is not enough, since, once user is authenticated, each request contains login info, so user is automatically logged in next time …

Read More