- Fri Mar 18, 2016 4:35 am
#43473
I am trying to add some protection to my server, but cannot find any documentation on using basic authorization. Do I need to write CGI to support this, or is it somehow automated (like with .htaccess in Apache)?
Moderator: Sprite_tm
- Fri Mar 18, 2016 8:31 am
#43490
Basic Auth is quite simple :
- the client needs to provide "Authorization" in the header with user/passwd in base64.
- if client doesn't not provide the above, the server simply reply a 401 with 'WWW-Authenticate : Basic realm="MyServer123" ' in his header.
https://en.wikipedia.org/wiki/Basic_acc ... entication
- the client needs to provide "Authorization" in the header with user/passwd in base64.
- if client doesn't not provide the above, the server simply reply a 401 with 'WWW-Authenticate : Basic realm="MyServer123" ' in his header.
https://en.wikipedia.org/wiki/Basic_acc ... entication
- Fri Mar 18, 2016 9:50 am
#43499
Everything you need is already implemented, look for "myPassFn" in user_main.c.
However unless you also add encryption, basic auth does not provide any real security, since the browser sends the username/password with ever get request, which an attacker can easily sniff.
However unless you also add encryption, basic auth does not provide any real security, since the browser sends the username/password with ever get request, which an attacker can easily sniff.
- Fri Mar 18, 2016 12:59 pm
#43508
Thanks, I searched the files but somehow missed that!
And yes, I know that this is not secure if https is not used, but it is just for basic access control.
And yes, I know that this is not secure if https is not used, but it is just for basic access control.
