James M Snell wrote:
Servers utilizing authentication mechanisms that involve the clear-text transmission of a password (e.g. HTTP Basic Authentication) MUST secure the connection using, for example, a Transport Layer Security (TLS) connection.
Ok, so let's say I have an internal company wiki that's editable using APP. The wiki is hosted on our internal network and everyone accessing the wiki is on the internal network too. Everything behind a firewall. Hell, maybe we aren't even connected to the internet at all. The wiki uses basic auth for identification. Why is it that we MUST use a secure connection.
Regards James
