0

Does LibCurl provide some functionality to produce tokens or hash/salt a string and shared secret? My c++ program will upload files to the server and my server script will authenticate that the HTTP post is coming from my c++ application and not someone else. So I'll send a auth token or hash in the query string that the server script can compare with its own to authenticate the request.

I've seen that you can authenticate using curl --user name:password http://www.example.com but can't a user just read the binary executable and see the username and password?

Although, maybe I am reinventing the wheel with my auth approach. Does LibCurl or another c++ provide the ability to perform shared-secret authentication?

sazr
  • 24,984
  • 66
  • 194
  • 362

1 Answers1

0

I haven't tried this, but since the command line supports a netrc file as described here https://stackoverflow.com/a/27894407/1542667. This is more secure when using the command line as you don't make your password visible to everyone on the same host via the ps command.

It looks like you could use the same approach for libcurl

https://curl.haxx.se/libcurl/c/CURLOPT_NETRC_FILE.html

Community
  • 1
  • 1
Yuri Schimke
  • 12,435
  • 3
  • 35
  • 69