M Qwadezo

Reputation: 103

Is this a secure way to authenticate users?

I am running a small local HTTP server that allows me to manage config files via GET requests. However, this action should require a password, so I came up with the following solution:

Let's say the password is test123. I hashed the password using SHA-512 and saved it to a .txt-file on my web server. When I want to get the config file main.json, I would send this request:

http://192.168.178.72/config.php?mode=get&file=main&password=test123

Is this a secure way of doing it?

Upvotes: 1

Views: 37

Answers (2)

cdr_chakotay

Reputation: 76

No, you should use HTTPS instead, and a POST request to avoid printing the passphrase in the URL.

As long as you use HTTP, every connection or connection attempt could suffer a man-in-the-middle attack. Using HTTPS and proper certificate pinning could avoid this.

Upvotes: 0

Vieira

Reputation: 26

No, because as you can see, the credentials are being displayed in the URL. Use POST instead.

Upvotes: 1
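
What both answers recommend, sketched as an added example (not code from the question or from either answer): a `config.php` that refuses plain HTTP, reads the password only from a POST body, and checks it against the stored SHA-512 hash in constant time. The hash file name `password_hash.txt`, the `configs` directory and the `fail()` helper are assumptions made for illustration.

```php
<?php
// Added sketch of a hardened config.php; file and directory names are assumptions.
const HASH_FILE  = __DIR__ . '/password_hash.txt'; // hypothetical: SHA-512 hex digest of the password
const CONFIG_DIR = __DIR__ . '/configs';           // hypothetical: holds main.json and similar files

function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($message);
}

// Refuse plain HTTP so the password is never sent unencrypted.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    fail(403, 'HTTPS required');
}
// Take credentials from the POST body only; URLs end up in logs and browser history.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || isset($_GET['password'])) {
    fail(405, 'Send the password in a POST body');
}

$password = $_POST['password'] ?? '';
$mode     = $_POST['mode'] ?? '';
$file     = $_POST['file'] ?? '';
if (!is_string($password) || !is_string($mode) || !is_string($file)) {
    fail(400, 'Malformed request'); // e.g. password[]=x arrives as an array
}

// Compare against the stored hash in constant time.
// (PHP's password_hash()/password_verify() are the purpose-built alternative to a bare SHA-512.)
$stored = strtolower(trim((string) @file_get_contents(HASH_FILE)));
if ($stored === '' || !hash_equals($stored, hash('sha512', $password))) {
    fail(401, 'Wrong password');
}

// Only plain names such as "main" are accepted, mapped to CONFIG_DIR/<name>.json.
if ($mode !== 'get' || !preg_match('/^[A-Za-z0-9_-]+$/', $file)) {
    fail(400, 'Unsupported mode or file name');
}
$path = CONFIG_DIR . '/' . $file . '.json';
if (!is_file($path)) {
    fail(404, 'No such config file');
}
header('Content-Type: application/json');
readfile($path);
```

The request from the question then becomes a POST to the `https://` address of `config.php` with `mode`, `file` and `password` as form fields in the body.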
