Joël and Aji kick off a new season by discussing the best use cases for HTTP basic auth and talking all things security.
The pair ask when and why you would use basic auth over standard HTTPS, it’s pros, cons and vulnerabilities over other forms of security, and provide some advice to help decide on what form of security you could implement on your site.
—
Thanks to our sponsors for this episode Judoscale - Autoscale the Right Way (check the link for your free gift!), and Scout Monitoring.
Check out these links for more information on some of the topics covered in today’s episode - Cross-Origin Resource Sharing - Cross-site request forgery (CSRF) - The Universe is Hostile to Computers
Your hosts for this episode have been thoughtbot’s own Joël Quenneville and Aji Slater.
If you would like to support the show, head over to our GitHub page, or check out our website.
Got a question or comment about the show? Why not write to our hosts: hosts@bikeshed.fm
This has been a thoughtbot podcast.
Stay up to date by following us on social media - YouTube - LinkedIn - Mastodon - BlueSky
© 2025 thoughtbot, inc.
Support The Bike Shed
