Is basic HTTP authentication over SSL less secure than 2-note Oauth?

Question

Is basic HTTP authentication over SSL less secure than 2-note Oauth?

I am creating a REST API that should be safe enough - payment data is not transmitted, but I want the accounts not to be captured, for example.

I looked at the implementation of 2 Legged Oauth, but I don’t see the real benefit of just using basic auth over SSL (with a high API key with entropy software created as a password)

Are they any scenarios where 2 Legged Oauth is more secure than HTTP basic auth over SSL?

+4

security rest api

DanSingerman Feb 19 '13 at 8:44

source share

1 answer

fnkr · Answer 1 · 2013-02-19T08:46:30+0000

HTTPS is a full HTTP request sent over an SSL connection. Data transmitted through basic auth HTTP is also encrypted if you use HTTPS.
Basically, so it does not matter.
It may be bad that you must store the password on the client computer using HTTP basic auth.
With oAuth, as far as I know, only the token is saved.

Is basic HTTP authentication over SSL less secure than 2-note Oauth?

More articles: