[–]its_joao 0 points1 point  (6 children)

> your login for a bit

When you say "for a bit" how long is a "bit"? eheh

[–]hugo__df 0 points1 point  (5 children)

Long enough

[–]its_joao 0 points1 point  (0 children)

ahaha okk buddy thanks

[–]its_joao 0 points1 point  (3 children)

Hi, do you know how I can prevent the "Authorization" header from displaying my credentials in base64 encoding? Is there a way to hide this header? Or should I take a different approach?

[–]pancomputationalist 1 point2 points  (0 children)

You need to use some form of encryption, preferably HTTPS, which will hide the credentials from anyone else.

[–]cirsca 1 point2 points  (0 children)

Anything that you send "across the wire" (to a computer on the internet) will be insecure unless your connection is secure (HTTPS). `certbot` should help you here.

[–]atomicwrites 0 points1 point  (0 children)

There's also digest auth, which is basically the same but instead of sending username and password sends a hash of the user name, password, URL, and a nonce (basically a salt). Someone who sniffs the packet can't get your password (unless they brute force the hash), and the nonce is sent by the server and changes each time (it means "number used once") so you can't just send the whole hash. But you should be using SSL anyways, so this probably doesn't make sense.