
I have Python Flask running on my server exposing a REST API that is being consumed by an iOS app. I'm using HTTP Basic Authentication using the Flask-HTTPAuth module. I wanted to know how secure this is because the username:password string would be sent on every request.

Do I need to use HTTPS instead?

Thanks!

Sorry for bad English. Still learning.


1 Answer

up vote 1 down vote accepted

Your current system is (very!) insecure; the login information can be seen during transit by anyone.

The easiest way to add secure HTTP is to install a proxy server like nginx. Then nginx is configured for secure HTTP, but it relays all the requests to the Flask application listening on a private socket without encryption.

This link will send you to the nginx documentation on secure HTTP.

Thanks - I presumed so. Do you know of any web tutorial that could help walk me through that process of setting up certificates etc. I'll start reading up on the basis of HTTPS and also use the link you provided. - thanks –  wholly_cow Oct 26 '13 at 4:49
2  
@wholly_cow: You should be able to find tutorials on how to set up certificates very easily. Hint: use the search term "SSL certificates". –  Mark Hildreth Oct 26 '13 at 17:47
    
Thanks @MarkHildreth. That was actually helpful. I found this link that helped the server side and now I'm working through the client side. I had one more question: Given my basic understanding of SSL Cert I do not need a signed certificate - is that a correct assumption? Would my traffic between client and server still be encrypted without a signed cert? –  wholly_cow Oct 27 '13 at 19:42
    
@Miguel. Using this method can I then just use nginx to deploy the flask server in production env? –  wholly_cow Oct 27 '13 at 19:44
    
@wholly_cow: Please stop asking questions in the comment section of an answer. If you have additional questions, ask it as a new question (or better yet, search for someone else who has asked the same question before). –  Mark Hildreth Oct 27 '13 at 20:49
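
An added example (not from the question, the answer, or Flask-HTTPAuth) of the two points in the accepted answer: a Basic header is only base64, so anyone who sees it in transit recovers the password, and behind a TLS-terminating nginx the app can refuse requests that did not arrive over HTTPS. The user `alice`, the `RequireHTTPS` and `demo_app` names, and the use of an `X-Forwarded-Proto` header set by nginx are assumptions.

```python
import base64
import hmac
from wsgiref.util import setup_testing_defaults

# Constructed sample credential, as a client would send it on every request.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cret").decode("ascii")

def decode_basic(header_value):
    """Basic auth is base64 encoding, not encryption: any observer can do this."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def demo_app(environ, start_response):
    """Hypothetical stand-in for the Flask API: accepts only the constructed user."""
    try:
        user, password = decode_basic(environ.get("HTTP_AUTHORIZATION", ""))
    except ValueError:
        user, password = "", ""
    ok = user == "alice" and hmac.compare_digest(password.encode(), b"s3cret")
    start_response("200 OK" if ok else "401 Unauthorized", [("Content-Type", "text/plain")])
    return [b"ok\n" if ok else b"denied\n"]

class RequireHTTPS:
    """WSGI middleware: refuse any request that did not reach the proxy over TLS.

    Assumes nginx sets the header itself (proxy_set_header X-Forwarded-Proto $scheme;)
    and the app listens only on a private socket, so clients cannot supply it.
    With Flask this would be wired as: app.wsgi_app = RequireHTTPS(app.wsgi_app)
    """
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if environ.get("HTTP_X_FORWARDED_PROTO", environ["wsgi.url_scheme"]) != "https":
            # The password has already crossed the network in clear text; failing
            # loudly makes an http:// client break in testing instead of working.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"HTTPS required\n"]
        return self.app(environ, start_response)

def status_for(forwarded_proto, header=SAMPLE_HEADER):
    """Send one constructed request through the middleware; return the status line."""
    environ = {"HTTP_AUTHORIZATION": header}
    setup_testing_defaults(environ)  # fills in a plain-HTTP WSGI environ
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    seen = []
    b"".join(RequireHTTPS(demo_app)(environ, lambda status, headers: seen.append(status)))
    return seen[0]
```

The 403 does not protect a credential that was already sent over plain HTTP, so the client must be configured with an `https://` base URL only.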