
I am not a web developer, but I have to ask.

Using basic authentication over SSL, does that mean if you entered https://user:pass@domain that the user and pass would be sent in the clear, or does this get put into the header and encrypted?




Yes, basic authentication is encrypted over SSL, but there are more problems with that: https://security.stackexchange.com/questions/988/is-basic-au...


It's base64 encoded and put into the header, according to the article.


But if you use HTTPS, those headers are encrypted, right?


The problem is they can end up in the logs of the receiving server and if that gets hacked...
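Added example, not part of the thread: a sketch of what a client does with `https://user:pass@domain`-style credentials and how a server can keep them out of its logs. The host `domain.example`, the path and the function names are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit, unquote

# Header names whose values should never reach a log file (illustrative set).
SENSITIVE = {"authorization", "proxy-authorization", "cookie"}

def build_request(url):
    """Return (host, request_line, headers) a client would send for `url`.

    The userinfo part of the URL is not placed in the request line; it is
    moved into an Authorization header (RFC 7617). Over HTTPS the request
    line and all headers travel inside the TLS session.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    headers = {"Host": parts.hostname}  # port handling omitted for brevity
    if parts.username is not None:
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
        headers["Authorization"] = "Basic " + token.decode("ascii")
    return parts.hostname, f"GET {path} HTTP/1.1", headers

def decode_basic(header_value):
    """Base64 is an encoding, not encryption: the header yields the password."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token).decode("utf-8")
    user, _, password = decoded.partition(":")
    return user, password

def redact_for_log(headers):
    """Return a copy of the headers that is safe to write to a server log."""
    return {k: ("[REDACTED]" if k.lower() in SENSITIVE else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed sample URL.
    host, line, headers = build_request("https://user:pass@domain.example/report?id=7")
    print(line)                     # request line carries no credentials
    print(headers)                  # what TLS protects on the wire
    print(redact_for_log(headers))  # what the server should log
```

TLS protects the header in transit only; once the server has decrypted the request, anything that logs raw headers stores a recoverable password, which is why the redaction step sits on the receiving side.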



