Securing an API: SSL & HTTP Basic Authentication vs Signature

by

HTTP Basic Authentication over SSL is perfectly secure from my research.

After all, using SSL (strictly TLS now) means the transport layer is encrypted and we can safely assume any information passed over this is secure and has not been tampered with.

Therefore passing the username and password without generating a signature is sufficient.

More Related Contents:

  1. JWT (JSON Web Token) automatic prolongation of expiration
  2. What is token-based authentication?
  3. Authentication versus Authorization
  4. Where to store JWT in browser? How to protect against CSRF?
  5. Non-random salt for password hashes
  6. JWT refresh token flow
  7. Cross Domain Login – How to log a user in automatically when transferred from one domain to another
  8. Where do you store your salt strings?
  9. SPA best practices for authentication and session management
  10. How do I store and retrieve credentials from the Windows Vault credential manager?
  11. Symfony2 extending DefaultAuthenticationSuccessHandler
  12. Best way for a ‘forgot password’ implementation? [closed]
  13. What is the best Distributed Brute Force countermeasure? [closed]
  14. Should I hash the password before sending it to the server side?
  15. How to do stateless (session-less) & cookie-less authentication?
  16. Using Symfony2’s AccessDeniedHandlerInterface
  17. Is it OK to return a HTTP 401 for a non existent resource instead of 404 to prevent information disclosure?
  18. How to manually decrypt an ASP.NET Core Authentication cookie?
  19. Secure Google Cloud Functions http trigger with auth
  20. RSA signature size?
  21. Google Authenticator available as a public service?
  22. Best practices for server-side handling of JWT tokens [closed]
  23. How do I secure REST API calls?
  24. What are best practices for securing the admin section of a website? [closed]
  25. The definitive guide to form-based website authentication [closed]
  26. What is the difference between a cer, pvk, and pfx file?
  27. Should I impose a maximum length on passwords?
  28. Remember me Cookie best practice?
  29. buffer overflow example from Art of Exploitation book
  30. Single Session Login in Laravel

Leave a Comment