> On 17 Aug 2021, at 19:25, Chris Angelico <ros...@gmail.com> wrote: > > On Wed, Aug 18, 2021 at 4:16 AM Barry Scott <ba...@barrys-emacs.org> wrote: >> Oh and if you have the freedom avoid Basic Auth as its not secure at all. >> > > That's usually irrelevant, since the alternative is most likely to be > form fill-out, which is exactly as secure. If you're serving over > HTTPS, the page is encrypted, and that includes the headers; if you're > not, then it's not encrypted, and that includes the form body.
There is digest and Ntlm that do not reveal the password. If you are over TLS then form or base is as good as each other. Barry > > There are other issues with basic auth, but security really isn't one. > > ChrisA > -- > https://mail.python.org/mailman/listinfo/python-list > -- https://mail.python.org/mailman/listinfo/python-list
