Secure login to REST API over HTTP


I'm currently working on a C# project which integrates with the TeamCity REST API and it's all working OK except for sending passwords in plain text over HTTP during authentication. I've seen that the regular user login page actually encrypts or hashes the password, which makes it safer over HTTP than sending the plain text password. Does anyone know if it's possible to do something similar when connecting to the REST API, and if so, is there a C# implementation of the encryption / hashing algorithm somewhere? (Or alternatively, a description of what the technical details of the encryption / hashing algorithm are so that I can have a go at implementing it myself - I'll publish the result on a GitHub project if I get it working).

We've got a long-term plan to move to HTTPS which would obviously be a better solution, but in the meantime I'm stuck with HTTP and I'd like to avoid sending plain text passwords...


