iOS Question http basic auth question

Discussion in 'iOS Questions' started by tufanv, Jan 14, 2019.

  1. tufanv

    tufanv Expert Licensed User

    Hello,

    I am using http post method the retrieve data from my server every second in my app. ( to get updated currency rates).

    To add a protection to my api, I am switching to basic auth where I will protect the folder on my server and use basic auth with httputils2 to access the file. my question is, is there a problem with this technically like : I am sending post request every second to get the updated rates, I didnt have any problem with this without using auth, if i switch to basic auth, maybe it will be slower to get the data with username and password, or some requests will fail because of this check ? Is there any downside of this method while sending a request every second ?

    the reason I am asking is : I track the response time with every request, without auth it was around 50ms but after auth it is arounf 150ms , on peak times when the currency moves are high, I am handling around 5000 concurrent connections on my server so if the basic auth somehow will increase the load it may crash my servers.

    Thanks
     
    Last edited: Jan 14, 2019
  2. Erel

    Erel Administrator Staff Member Licensed User

    By default, basic authentication requires another request. The first request is sent without the credentials.

    You can add the Authorization header yourself to save the first request.
    The header value should look like this:
    Basic QWxhZGRpbjpPcGVuU2VzYW1l

    QWxhZGRpbjpPcGVuU2VzYW1l = base64 encoding of username:password

    Note that you will probably get better performance with WebSockets.
     
  3. tufanv

    tufanv Expert Licensed User

    is this safe to send with header ? It is quite easy to decode base64 so if the header can be retrieved, user:pass can be taken easily ?
     
  4. Erel

    Erel Administrator Staff Member Licensed User

    It is always sent as a header. It is safe if you are using SSL.
     
    tufanv likes this.
  5. tufanv

    tufanv Expert Licensed User

    I tried to set :
    j.GetRequest.SetHeader("key","Y2FubGlkb3ZpemawcDoqIS8vVHVmYW5WYXQxOTkk")

    For the name I used a random string like "key" but Idont think it is true. I got :
    java.lang.NullPointerException

    the code is :

    Code:
    Dim j As HttpJob
        j.Initialize(
    "verial",Me)

      j.GetRequest.SetHeader(
    "key","Y2FubGlkb3ZpemFwcDoqIS8vVHVmaW5WYXQxOTkk")
        j.PostString(aktifserver&datauzanti,
    "jeton=" &jetonana &"&sembol="&sembolstring)
        j.GetRequest.Timeout=
    3500
     
  6. JanPRO

    JanPRO Well-Known Member Licensed User

    Hi,

    the error is caused because you are trying to access the request before it was created (with PostString). For basic authentication the header should look like:

    Code:
    Dim j As HttpJob
    j.Initialize(
    "verial",Me)
    j.PostString(aktifserver&datauzanti,
    "jeton=" &jetonana &"&sembol="&sembolstring)
    j.GetRequest.SetHeader(
    "Authorization","Basic <Base64String>")
    j.GetRequest.Timeout=
    3500
    However, I agree with Erel that it's probably better to use Websockets here.

    Jan
     
    Last edited: Jan 14, 2019
    tufanv and Erel like this.
  7. tufanv

    tufanv Expert Licensed User

    Hello,

    You are right probably. I never had a problem with http requests as long as my servers were enough but I don't have any experience with websockets. I don't know how many concurrent connections it can handle etc.. I need to do some research about it and maybe I can switch to that.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice