Mahoni

Reputation: 7466

Securing HTTP requests in Python

Bottle offers only basic authentication, which seems okay, since digest authentication is not the ne plus ultra. But what is? I have thought of:

But does this even make sense, or should I drop this idea and just make a secure HTTP connection with HTTPS (SSL) and be done with it?

Upvotes: 1

Views: 3241

Answers (1)

Thomas Orozco

Reputation: 55207

Why Bother?

Hashing the password client-side provides the little added benefit that the password itself isn't sent in the clear (so it's not revealed).

However, it doesn't prevent an eavesdropper from pretending to be the user whose password he obtained.

You should just be using HTTPS.

This is the most reliable (and simple!) solution.

Plus, you'll get the added benefits of HTTPS:

  • No eavesdropping on any of your communications (not just on the login!)
  • No tampering
  • Server authentication and its visual "green lock" counterpart (which your users could appreciate).

As a general rule of thumb in security and encryption, you should always stick to the standards.

Upvotes: 4
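The replay problem the answer describes, as an added illustration (constructed example code, not from the original post and not Bottle's own code): the client sends a hash instead of the password, the server stores and compares that hash, and a message captured on an unencrypted channel logs in just as well as the original. The user store and credentials are constructed for the demo.

```python
"""Why client-side password hashing does not stop an eavesdropper.

Constructed demonstration: the client hashes the password before sending it
and the server compares the received hash with the stored one.  Whatever
string the server accepts becomes the credential, so a login message seen on
plain HTTP can be resent unchanged.  Only transport encryption (HTTPS)
keeps that message away from the network path in the first place.
"""
import hashlib
import hmac

# Constructed user store for the demo: the server keeps exactly what the client sends.
_STORE = {"alice": hashlib.sha256(b"correct horse battery").hexdigest()}


def client_login_message(user: str, password: str) -> dict:
    """What the 'hash it client-side' scheme puts on the wire."""
    proof = hashlib.sha256(password.encode()).hexdigest()
    return {"user": user, "proof": proof}


def server_verify(msg: dict) -> bool:
    """The server's check; the plaintext password never reaches this code."""
    stored = _STORE.get(msg.get("user", ""))
    if stored is None:
        return False
    return hmac.compare_digest(stored, msg.get("proof", ""))


def observer_replays(captured: dict) -> bool:
    """Someone who watched the unencrypted channel resends the message as-is.
    Nothing in the scheme lets the server tell it apart from the user's login."""
    return server_verify(dict(captured))


def demo() -> dict:
    """Run the scenario and return the observations as booleans."""
    genuine = client_login_message("alice", "correct horse battery")
    captured = dict(genuine)  # what plain HTTP exposes to the network path
    return {
        "plaintext_password_on_wire": "correct horse battery" in str(genuine),
        "genuine_login": server_verify(genuine),
        "replayed_login": observer_replays(captured),
        "wrong_password": server_verify(client_login_message("alice", "nope")),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash hides the password string itself, which is the "little added benefit" the answer grants, but the replayed login succeeds, which is why it recommends HTTPS instead.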
