Possible Duplicate:
Is BASIC-Auth secure if done over HTTPS?
I want to set up a web server on a computer at home which will basically do no more than send the browser a file which contains potentially sensitive data (It really won't be, but I will use this situation as an exercise to learn about infosec).
I have found this method of creating a Python SSL HTTP server, which I would like to try but I'm hoping somebody could explain to me the implications of the server not requiring a client certificate. Under what conditions can I (as client) be certain that I am connecting to my actual machine at home?
In particular, without performing any authentication in serving the content, anybody who connects to my_host:443 will be served (using an encrypted HTTP stream). If I perform basic HTTP user/pass authentication here, will it then be sufficient? I guess at this point the attacker will not be able to reuse the credentials because the transmission is encrypted at that point.
The reason that I am thinking about building my own web server is that it has proven quite difficult to get an SSH server set up on a Windows environment without having Cygwin (which I will not give a reason for why I avoid it other than it takes too long to configure and install and this is entirely a matter of personal preference).
