• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

What are (if any) the security drawbacks of REST Basic Authentication with Javascript clients?

Adriano Nobre Oliveira
Posts: 6
Java Linux Mac
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Greetings all,

I have this application that consists of a REST back-end intended to servicing requests from an HTML5/JavaScript client (which I'm also building).

I'm planning on implementing an authentication mechanism that uses Basic Authentication where the JavaScript client would store the Base64-encoded user's credentials for the duration of a session. These credentials would be sent with each REST request in the "Authorization: Basic" header.

All the conversation between the JavaScript client and the REST backend would occur over HTTPS. I'm know that's a performance drawback in itself as it adds the overhead of encrypting/decrypting every single request/response, and that's ok for now.

What I'm really interested in at this point is the security aspect of it. I know the schema I've described is nothing novel and a lot of people have used it in their implementations (at least that's my understanding). However, I'm interested in knowing if anyone has encountered any security breaches or drawbacks with that.

The only thing I can think of would be if malicious code on the client side could somehow gain access to the stored credentials… I think thats is highly unlikely (but hackers are a creative bunch and some JS engines are buggy, so you never know :-)). Thoughts?


  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic