Basic Authentication and RTC
Other versions of this page are also available for the following:
8/28/2008
Basic authentication is an industry-standard method that gathers user name and password information.
This method provides minimal user identification and, as a part of the HTTP specification, is available on most network browsers.
Basic authentication is a challenge-response authentication method, where the server challenges the client.
The disadvantage of Basic authentication is that the password and user name are sent over the network in clear text. These credentials can be viewed by anyone monitoring the network.
RTC uses Transport Layer Security (TLS) to encrypt the packets that contain basic authentication information. However, if TLS is not available on all connections along the route, the credentials remain visible on those segments.
The RTC Client API does not respond to a Basic authentication challenge from the server if TLS is not specified in the profile for the session.
Note
The Basic authentication method contains a security risk because the credentials can be viewed along the network path. This method is not recommended for use in RTC communications without careful consideration of the risk involved.