one-page-app-with-drupal-and-vue
Video Part 10: do not hard code basic auth hash
we going to hash that password and send it encrypted
It was already mentioned in the video comments that base64 is not encryption.
I would like to emphasize how easy it is to discover the login and password from that "encrypted" hash.
Bash
echo 'aXZhbjpwYXNzd29yZA==' | base64 --decode
PHP
base64_decode('aXZhbjpwYXNzd29yZA==');
JavaScript
atob('aXZhbjpwYXNzd29yZA==');
Or you can just use an online decoder.
The workaround could be implementing an authorization form and asking the user to provide his Drupal credentials, or just using some other authentication provider (for example 'Cookie').
I suggest updating the video with relevant information because it may have security implications for users following this approach.
Thanks for your work!
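An added example, not part of the original issue or the project's code: a small Node.js check that flags hard-coded `Basic` tokens in front-end source before they ship. The function name `findHardcodedBasicAuth` and the sample file are hypothetical; the token in the sample is the one quoted in this issue.

```javascript
// Added example: flag hard-coded HTTP Basic credentials in front-end source.
// Runs under Node.js (uses Buffer for base64 decoding).

// "Basic " followed by a literal base64 token. Tokens built at runtime,
// e.g. `Basic ${btoa(user + ':' + pass)}`, do not match.
const BASIC_LITERAL = /\bBasic\s+([A-Za-z0-9+/]{4,}={0,2})/g;

function findHardcodedBasicAuth(source) {
  const findings = [];
  source.split('\n').forEach((text, index) => {
    for (const match of text.matchAll(BASIC_LITERAL)) {
      // latin1 maps each byte to one character, so the printable check is exact.
      const decoded = Buffer.from(match[1], 'base64').toString('latin1');
      // Credentials decode to printable "user:password"; anything else
      // (such as the words "Basic auth" in a comment) is ignored.
      if (!/^[\x20-\x7e]+:[\x20-\x7e]*$/.test(decoded)) continue;
      const colon = decoded.indexOf(':');
      findings.push({
        line: index + 1,
        username: decoded.slice(0, colon),
        passwordLength: decoded.length - colon - 1, // report length, not the secret
      });
    }
  });
  return findings;
}

// Constructed sample file; the token is the one quoted in this issue.
const SAMPLE_SOURCE = [
  "// Basic auth setup for the Drupal REST calls",
  "const headers = { Authorization: 'Basic aXZhbjpwYXNzd29yZA==' };",
  "const runtime = { Authorization: `Basic ${btoa(user + ':' + pass)}` };",
].join('\n');

console.log(findHardcodedBasicAuth(SAMPLE_SOURCE));
```

Run over the built bundle as well as the source tree, since the literal survives bundling and minification unchanged.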