RFC 2617 richiede che in Autenticazione HTTP di base , il nome utente e la password devono essere codificati con base64.
To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 encoded string in the credentials.
basic-credentials = base64-user-pass base64-user-pass = <base64 encoding of user-pass, except not limited to 76 char/line> user-pass = userid ":" password userid = *<TEXT excluding ":"> password = *TEXT
Userids might be case sensitive.
If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Poiché la codifica base64 offre zero sicurezza delle credenziali, perché è fatto?