I have a server which supports NTLM and basic authentication schemes and I am using curl to connect to this server using https.

For certain reasons, I want curl to use the basic authentication scheme when both NTLM and basic are supported, and otherwise use NTLM, i.e. I want to patch curl and reverse the order of preference of the authentication schemes.

I have read the following comment in the curl source code:

The order of these checks is highly relevant, as this will be the order of preference in case of the existence of multiple accepted types.

Granted that basic authentication is too simple, but since I am using SSL, it shouldn't affect security, should it? Would there be any adverse effects of this reversal?

Paras

1 Answer

See this question for a detailed answer:

https://security.stackexchange.com/questions/988/is-basic-auth-secure-if-done-over-https

jmc
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – ProgramFOX Mar 08 '14 at 10:48
  • I agree in general, but the link is on a stackexchange site, one of the larger ones at that, so it's unlikely to go away - unless the answer is wrong, in which case copying it is only making things worse. So yes, bringing material into the SE network is good, but duplicating material in the SE network is probably not a good idea. – jmc May 09 '14 at 14:37
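
The preference reversal asked about in the question, sketched as an added C example that is not part of the original posts and is not curl's source code. The `AUTH_*` bits, function names and header values are hypothetical and constructed for illustration; the example assumes one challenge per `WWW-Authenticate` value and only selects Basic when the connection is TLS.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical scheme bits for this example; not libcurl's CURLAUTH_* values. */
enum { AUTH_NONE = 0, AUTH_BASIC = 1, AUTH_DIGEST = 2, AUTH_NTLM = 4 };
static const struct { const char *name; unsigned bit; } schemes[] = {
    {"basic", AUTH_BASIC}, {"digest", AUTH_DIGEST}, {"ntlm", AUTH_NTLM}
};

/* Map the case-insensitive scheme token starting one WWW-Authenticate value to its bit. */
static unsigned scheme_bit(const char *value)
{
    char tok[16] = {0};
    while (*value == ' ' || *value == '\t') value++;
    size_t len = strcspn(value, " \t\r\n,");
    if (len >= sizeof tok) return AUTH_NONE;   /* longer than any known scheme */
    for (size_t i = 0; i < len; i++) tok[i] = (char)tolower((unsigned char)value[i]);
    for (size_t i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strcmp(tok, schemes[i].name) == 0) return schemes[i].bit;
    return AUTH_NONE;                          /* unknown schemes are ignored */
}

/* OR together the schemes offered across all WWW-Authenticate values. */
static unsigned offered_schemes(const char **values, size_t n)
{
    unsigned mask = AUTH_NONE;
    for (size_t i = 0; i < n; i++) mask |= scheme_bit(values[i]);
    return mask;
}

/* Walk the caller's preference list in order; the first offered scheme wins.
   Basic is skipped without TLS because it sends the password base64-encoded. */
static unsigned pick_auth(unsigned offered, const unsigned *order, size_t n, int is_tls)
{
    for (size_t i = 0; i < n; i++) {
        if (!(offered & order[i])) continue;
        if (order[i] == AUTH_BASIC && !is_tls) continue;
        return order[i];
    }
    return AUTH_NONE;
}

int main(void)
{
    const char *hdrs[] = {"NTLM", "Basic realm=\"example\""};  /* constructed sample */
    const unsigned basic_first[] = {AUTH_BASIC, AUTH_NTLM};    /* reversed preference */
    unsigned offered = offered_schemes(hdrs, 2);
    printf("https: %u, http: %u\n", pick_auth(offered, basic_first, 2, 1),
           pick_auth(offered, basic_first, 2, 0));
    return 0;
}
```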