Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
It is almost useful with https, so that the credentials are sent encrypted to the server
-
@LetsCodeAlready base64 is not even hashing, it is just a conversion. Useless for encryption.
-
@gosubinit my previous boss wrote an ERP system that used a special kind of RPC.
It built an object that describes the call, serialized it, then base64 encoded it before sending on the wire, for maximum security. -
@JustKidding I got it, but using over https still doesn't make it useful from a security point of view.
-
@gosubinit that is why you need https, so the credentials are sent encrypted to the server, instead of only hashed
-
@LetsCodeAlready, Lets GetThisStraight Already:
For authentication:
https => encrypt data => good
base64 => does not encrypt data => useless
You can send plain text password over https without the base64. Just like every login form does.
Also,
"Almost useful" = "useless". Example: "in a car, an empty tire is almost useful"
Related Rants
Protecting credentials from eavesdropping using HTTP Basic Authorization header:
undefined
base64
cybersecurity
password
hash
authentication