Is it safe using Basic Authentication when using HTTPS

As far as I can find out, the SSL handshake is being done before the basic
authentication credentials is passed through the network, so it will be
encrypted, and not possible to sniff. Can anybody please confirm that?

Best regards
Paw Pedersen
Paw Pedersen [ Mi, 11 Juli 2007 17:07 ] [ ID #1765726 ]

Re: Is it safe using Basic Authentication when using HTTPS

Your understanding is correct - traffic is encrypted prior to any
transmission of credentials in the HTTP entity.

Depending on the key strength of your asymmetric and then session keys, it
may be possible to brute force the encrypted packets after they have been
sniffed.

Cheers
Ken

"Paw Pedersen" <newsATpaws.dk> wrote in message
news:uH0Lrl9wHHA.4736 [at] TK2MSFTNGP04.phx.gbl...
> As far as I can find out, the SSL handshake is being done before the basic
> authentication credentials is passed through the network, so it will be
> encrypted, and not possible to sniff. Can anybody please confirm that?
>
> Best regards
> Paw Pedersen
>
Ken Schaefer [ Do, 12 Juli 2007 04:07 ] [ ID #1766755 ]
Webserver » microsoft.public.inetserver.iis.security » Is it safe using Basic Authentication when using HTTPS

Vorheriges Thema: IIS,SQL Server and Windows Authentication
Nächstes Thema: Front Page Permissions Issue

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum