Hello, I am using the Single Access Token from authlogic to sync data from a MS Access Database to a Rails App. Because I sort of think that the URL sort of exposes the single access token, I am uneasy about extended use. I have heard that if one uses basic http authentication, HTTPS is really important for security. Is my case similar?

Thank You!

A: 

You'll need HTTPS for authentication security and protection of your data while in transit.

Single access tokens or any other one-time-use passwords protect you from key loggers or anyone obtaining and using your password, since whatever password you used wouldn't work again. However, without HTTPS, a man-in-the-middle attack is possible.

Then there's the data you're sending across the wire. If they are not encrypted, they are easily captured in HTTP. In effect, HTTPS provides the data encryption during the transmission.

marklai
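
The exposure discussed in this thread (a token carried in the URL) can also be limited on the server side. As an added example, not from the original posts or from authlogic itself, here is a minimal Rack-style middleware that refuses token-bearing requests arriving over plain HTTP and masks the token in its own log line. The class name `TokenTransportGuard`, the logger callable and the `user_credentials` parameter name are assumptions; adjust the parameter to whatever your app uses.

```ruby
require "uri"

# Hypothetical Rack-style middleware; names and behaviour are this example's own.
class TokenTransportGuard
  MASK = "FILTERED"

  # param:  query parameter that carries the token (assumed "user_credentials")
  # logger: any callable that receives one log line (assumed interface)
  def initialize(app, param: "user_credentials", logger: nil)
    @app = app
    @param = param
    @logger = logger
  end

  def call(env)
    begin
      pairs = URI.decode_www_form(env["QUERY_STRING"].to_s)
    rescue ArgumentError
      # Unparseable query string: reject instead of guessing what it contains.
      return [400, { "content-type" => "text/plain" }, ["Bad query string\n"]]
    end

    # Log the request with the token value masked, so it never reaches log files.
    query = redact(pairs)
    line = "#{env['REQUEST_METHOD']} #{env['PATH_INFO']}"
    line += "?#{query}" unless query.empty?
    @logger&.call(line)

    has_token = pairs.any? { |key, _| key == @param }
    if has_token && env["rack.url_scheme"] != "https"
      # The token already crossed the network in clear text. Refuse rather than
      # redirect, so the misconfigured client gets fixed instead of silently upgraded.
      return [403, { "content-type" => "text/plain" }, ["Token requests require HTTPS\n"]]
    end

    @app.call(env)
  end

  # Rebuild the query string with the token value replaced by MASK.
  def redact(pairs)
    URI.encode_www_form(pairs.map { |key, value| [key, key == @param ? MASK : value] })
  end
end
```

A token that has been sent over plain HTTP even once should be treated as disclosed and regenerated.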