• nudelbiotop@feddit.de
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    1 year ago

    Anyone who has access to any involved network infrastructure can trace the cleartext communication and extract the credentials.

    • walkwalkwalkwalk@feddit.uk
      link
      fedilink
      arrow-up
      0
      ·
      1 year ago

      What do you mean by any involved network infrastructure? The URI is encrypted by TLS, you would only see the host address/domain unless you had access to it after decryption on the server.

        • walkwalkwalkwalk@feddit.uk
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          The comment we are replying to is asking about a situation where there is TLS. Also using clear text values in the URI itself does not mean there wouldn’t be TLS.