For instance Google has a feature where you can just curl the contents of

https://$ACCOUNT:$PASSWORD@mail.google.com/mail/feed/atom.html

To get an Atom XML feed of your emails.

This seems highly unsafe, obviously, provided that this entire URI is somehow transmitted somewhere unencrypted, but Google's documentation itself does not warn about this and I would assume them to do so. Does this mechanism somehow rely on only accessing mail.google.com/mail/feed/atom.html in an unencrypted way while encrypting the "$ACCOUNT:$PASSWORD" string somehow?

1 Answer

In short: SSL will secure this part.

In detail:
The part before the '@' is the username and password used within basic access authentication. Basic access authentication is done by sending the username and password encoded (not encrypted) inside the HTTP request. When using HTTPS instead of plain HTTP, it will first create a TLS connection and then speak the HTTP protocol inside this encrypted and protected connection. This means that the HTTP request which includes the authentication credentials will also be protected by this TLS connection against sniffing and manipulation.
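What the answer describes, as an added example that is not part of the original answer: a Python sketch of how a client turns the userinfo part of such a URL into an `Authorization: Basic` header, and how that header decodes back to the credentials for anyone who can read the request bytes. The account name and password are constructed sample values, and the request is a simplified one, not curl's exact output.

```python
import base64
from urllib.parse import urlsplit, unquote

def build_request(url):
    """Return (request_bytes, sent_inside_tls) for a URL carrying userinfo."""
    parts = urlsplit(url)
    # Userinfo is percent-encoded in the URL; decode it before use.
    user = unquote(parts.username or "")
    password = unquote(parts.password or "")
    # Basic auth (RFC 7617): Base64 of "user:password". Encoding, not encryption.
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    host = parts.hostname if parts.port is None else f"{parts.hostname}:{parts.port}"
    # The credentials leave the URL and travel only in a header.
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Authorization: Basic {token}\r\n"
        "\r\n"
    ).encode("ascii")
    # With https these bytes are written into the TLS session;
    # with http they go onto the wire exactly as built here.
    return request, parts.scheme == "https"

def recover_credentials(request):
    """Undo the Base64, as anyone holding the raw request bytes could."""
    for line in request.decode("ascii").split("\r\n"):
        name, _, value = line.partition(":")
        value = value.strip()
        if name.lower() == "authorization" and value.startswith("Basic "):
            decoded = base64.b64decode(value[len("Basic "):]).decode("utf-8")
            user, _, password = decoded.partition(":")  # first colon separates them
            return user, password
    return None

if __name__ == "__main__":
    # Constructed sample credentials; "%40" is an encoded "@" in the password.
    for scheme in ("https", "http"):
        url = f"{scheme}://alice:s3cr%40t@mail.google.com/mail/feed/atom.html"
        req, tls = build_request(url)
        print(scheme, "-> inside TLS:", tls, "| header decodes to:", recover_credentials(req))
```

The request bytes are identical for both schemes; the only difference is whether they are written into a TLS session or sent in the clear.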
