Skip to content Skip to sidebar Skip to footer
Home / Basic Authentication / Flask / Http / Https / Python

Security Of Python Flask Rest Api Using Http Basic Authentication

Post a Comment
I have python flask running on my server exposing a REST API that is being consumed by an iOS app. I'm using HTTP Basic Authentication using the Flask-HTTPAuth: module. I wanted to

Solution 1:

Your current system is (very!) insecure, the login information can be seen during transit by anyone.

The easiest way to add secure HTTP is to install a proxy server like nginx. Then nginx is configured for secure HTTP, but it relays all the requests to the Flask application listening on a private socket without encryption.

This link will send you to the nginx documentation on secure HTTP.

Solution 2:

Alternatively, you can have HTTPS running directly from Flask. The link has clear instructions of how to do this. It is a quick, easy method to use while developing.

For production, I'd use Apache's mod_ssl function, or as already stated by Miguel, nginx, as proxy servers.

You may like these posts

Post a Comment for "Security Of Python Flask Rest Api Using Http Basic Authentication"