I'm writing a local webserver that requires authentication. Since its gonna be communicating through the loopback device (listening on 127.0.0.1), its traffic won't leave the local machine.
I can't imagine sending username/pwd in plaintext, even though nobody from the outside could sniff it; but I can't figure out how to secure the communication. It has to be secured, right? Some local user could sniff some other's.
How to do that then? SSL/TLS and some key/certificate newly generated at every startup?
|
| |||
|
feedback
|
