by niksakl 2103 days ago
With basic auth you give something more than that. You give the ACTUAL credentials, because they are base64 encoded and not hashed. It is trivial to decode them and have the raw values.

To assume that a user trusts the subdomain because she trusts the domain is something I find insane.

1 comment

You're right. I was thinking of digest auth which at least has nonces and hashing. Basic does not.
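
The difference the two comments describe, as an added example that is not part of the thread: a Basic `Authorization` value decodes straight back to the username and password, while a Digest `response` is an MD5 hash bound to the server's nonce. The function names are illustrative, and the sample credentials are the published examples from RFC 7617 (Basic) and RFC 2617 (Digest), not values from this page.

```python
import base64
import hashlib


def decode_basic(header_value):
    """Recover (username, password) from an 'Authorization: Basic ...' value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    # base64 is an encoding, not a hash: decoding yields the raw credentials.
    # Split on the first colon only, since the password may contain colons.
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Compute the RFC 2617 Digest 'response' value (MD5, qop=auth)."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")  # password only enters via a hash
    ha2 = _md5_hex(f"{method}:{uri}")
    # The server-issued nonce is mixed in, so the value changes per challenge.
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Sample values taken from the RFC 7617 and RFC 2617 worked examples.
BASIC_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
SERVER_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
DIGEST_ARGS = dict(
    user="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html", nc="00000001", cnonce="0a4f113b",
)

if __name__ == "__main__":
    print("Basic decodes to:", decode_basic(BASIC_HEADER))
    print("Digest response: ", digest_response(nonce=SERVER_NONCE, **DIGEST_ARGS))
    # Same credentials, different nonce (constructed): a different value on the wire.
    print("Other nonce:     ", digest_response(nonce="0" * 32, **DIGEST_ARGS))
```

A captured Digest response can still be tested against password guesses offline, so neither scheme removes the need for TLS.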