Is it safe using Basic Authentication when using HTTPS
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Is it safe using Basic Authentication when using HTTPS




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Is it safe using Basic Authentication when using HTTPS  
Paw Pedersen


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-11-07 06:21 PM

As far as I can find out, the SSL handshake is being done before the basic
authentication credentials is passed through the network, so it will be
encrypted, and not possible to sniff. Can anybody please confirm that?

Best regards
Paw Pedersen




[ Post a follow-up to this message ]



    Re: Is it safe using Basic Authentication when using HTTPS  
Ken Schaefer


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-12-07 06:22 AM

Your understanding is correct - traffic is encrypted prior to any
transmission of credentials in the HTTP entity.

Depending on the key strength of your asymmetric and then session keys, it
may be possible to brute force the encrypted packets after they have been
sniffed.

Cheers
Ken

"Paw Pedersen" <newsATpaws.dk> wrote in message
news:uH0Lrl9wHHA.4736@TK2MSFTNGP04.phx.gbl...
> As far as I can find out, the SSL handshake is being done before the basic
> authentication credentials is passed through the network, so it will be
> encrypted, and not possible to sniff. Can anybody please confirm that?
>
> Best regards
> Paw Pedersen
>




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 08:56 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register