ESP8266 Webserver Project

Moderator: Sprite_tm

User avatar
By Piotr K
#43473 I am trying to add some protection to my server, but cannot find any documentation on using basic authorization. Do I need to write CGI to support this, or is it somehow automated (like with .htaccess in Apache)?
User avatar
By martinayotte
#43490 Basic Auth is quite simple :

- the client needs to provide "Authorization" in the header with user/passwd in base64.
- if client doesn't not provide the above, the server simply reply a 401 with 'WWW-Authenticate : Basic realm="MyServer123" ' in his header.

https://en.wikipedia.org/wiki/Basic_acc ... entication
User avatar
By lethe
#43499 Everything you need is already implemented, look for "myPassFn" in user_main.c.
However unless you also add encryption, basic auth does not provide any real security, since the browser sends the username/password with ever get request, which an attacker can easily sniff.
User avatar
By Piotr K
#43508 Thanks, I searched the files but somehow missed that!

And yes, I know that this is not secure if https is not used, but it is just for basic access control.