I am trying to make a script that uploads files to a nextcloud server via webdav. The documentation says this can be done using a PUT HTTP request, like so:
import requests
url = "https://example.com/path/to/file.txt"
file = open("file/to/upload.txt")
response = requests.put(url, auth=(user, passwd), data=file)
This works just fine, and I get a 201 status code as a response, which means the file has been created, but I feel like its quite unsafe to do it this way.
I can add the parameter verify=True to make sure the file is sent encrypted if the web has a valid SSL certificate, but I don't know if the authentication credentials are encrypted too.
In case they're not, how would I securely make the request without revealing my password?
You're PUTting to a url that starts with
httpsso you're making the request over TLS which is secure if you have a good certificate. If you have a good certificate, your username and password will also be sent over TLS and be secure.To find out if your certificate is good, try running
openssl s_client -showcerts -connect example.com:443from the commandline and check that it reportsVerify return code: 0 (ok)or try opening a browser and type inhttps://example.comand see if the browser complains.