Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. QNetworkAccessManager authentication
Forum Updated to NodeBB v4.3 + New Features

QNetworkAccessManager authentication

Scheduled Pinned Locked Moved Unsolved General and Desktop
2 Posts 2 Posters 3.2k Views 2 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Offline
    A Offline
    aatwo
    wrote on last edited by
    #1

    Hey guys. I'm using QNetworkAccessManager to fetch data from a REST server using get requests and it works great. I would like to introduce some authentication however I have some security concerns and since this is not my field of expertise I figured here would be a good place to double check what's going on :)

    Firstly I am aware that I can pack authentication credentials in to the request header, however if I understand correctly this is essentially going to expose them pretty much in plain text. Therefore the logical solution would be to secure the connection with SSL, i.e. use a HTTPS request instead. I'm led to believe that HTTPS headers are encrypted so everything at this point should be nice and secure. QNetworkAccessManager is pretty transparent in terms of SSL so here is a question. Is it sufficient to simply modify my query from "http://foobar" to "https://foobar" and to handle the possible QNetworkReply::sslError() signal?

    If so would my credentials be SSL encrypted in the following snippet where I'm packing them into the intial request? Or do I need to wait for the QNetworkAccessManager::authenticationRequired() signal to be emitted before providing those credentials?

    // Create request
        QNetworkRequest request;
        request.setUrl( QUrl( "https://myRestServer.com/myQuery" ) );
    
        // Pack in credentials
        QString concatenatedCredentials = username + ":" + password;
        QByteArray data = concatenatedCredentials.toLocal8Bit().toBase64();
        QString headerData = "Basic " + data;
        request.setRawHeader( "Authorization", headerData.toLocal8Bit() );
    
        // Send request and connect all possible signals
        QNetworkReply*reply = manager->get( request );
        connect( reply, SIGNAL(readyRead()), this, SLOT(slotReadyRead()) );
        connect( reply, SIGNAL(error(QNetworkReply::NetworkError)), this, SLOT(slotError(QNetworkReply::NetworkError)) );
        connect( reply, SIGNAL(sslErrors(QList<QSslError>)), this, SLOT(slotSslErrors(QList<QSslError>)) );
    

    Thanks in advance, Aaron.

    1 Reply Last reply
    1
    • sierdzioS Offline
      sierdzioS Offline
      sierdzio
      Moderators
      wrote on last edited by
      #2

      I think you are right, but it's always good to double-check. Try looking at your packets with some sniffer (like Wireshark).

      (Z(:^

      1 Reply Last reply
      2

      • Login

      • Login or register to search.
      • First post
        Last post
      0
      • Categories
      • Recent
      • Tags
      • Popular
      • Users
      • Groups
      • Search
      • Get Qt Extensions
      • Unsolved