I have a question about HTTPS and HTTP Authentication credentials.
Suppose I secure a URL with HTTP Authentication:
<Directory /var/www/webcallback>
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/passwd/passwords
Require user gooduser
</Directory>
I then access that URL from a remote system via HTTPS, passing the credentials in the URL:
https://gooduser:[email protected]/webcallback?foo=bar
Will the username and password be automatically SSL encrypted? Is the same true for GETs and POSTs? I'm having a hard time locating a credible source with this information.
This question is related to
https
basic-authentication
Not necessarily true. It will be encrypted on the wire however it still lands in the logs plain text
Yes, it will be encrypted.
You'll understand it if you simply check what happens behind the scenes.
Source: Stackoverflow.com