DEV Community

Discussion on: Basic Authentication with Lambda@Edge

Jay Wolfe

Please note that it's a horrible idea to use this for anything that's actually sensitive

Can you explain why?

Joseph Snell

Biggest reason I see is that you'd have to hardcode the username/password in code, which means it would likely end up in source control. Not to mention this limits you to a single, static username/password combo, which is in and of itself insecure.

Lee Nattress

The check occurs in a Lambda. It would be trivial to query Cognito, DynamoDB or any other type of storage here. You should never just use code from the web; this is an example of the setup, and may I say thank you to the original author, it helped me a great deal.
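
The two points raised in this thread (no hardcoded credential pair, and a lookup against a store), sketched as an added example that is not code from the article or from any commenter. It assumes a Lambda@Edge viewer-request handler on Node.js; `lookupUser`, `sampleStore`, the realm string and the choice of scrypt for password hashing are assumptions made for illustration.

```javascript
'use strict';
const crypto = require('crypto');

// Derive a storable record from a password (run once, when the user is created).
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Parse "Basic base64(user:pass)"; returns null for anything malformed.
function parseBasicAuth(value) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(value || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const i = decoded.indexOf(':'); // the password may itself contain ':'
  if (i < 1) return null;         // no colon, or empty user name
  return { user: decoded.slice(0, i), pass: decoded.slice(i + 1) };
}

// Re-derive the hash with the stored salt and compare in constant time.
function verifyPassword(pass, record) {
  if (!record) return false;
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(pass, Buffer.from(record.salt, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

const UNAUTHORIZED = {
  status: '401',
  statusDescription: 'Unauthorized',
  headers: { 'www-authenticate': [{ key: 'WWW-Authenticate', value: 'Basic realm="Restricted"' }] },
};

// lookupUser(user) -> Promise<record | undefined>; hypothetical, backed by whatever store is used.
function makeHandler(lookupUser) {
  return async (event) => {
    const request = event.Records[0].cf.request;
    const header = (request.headers.authorization || [])[0];
    const creds = parseBasicAuth(header && header.value);
    const record = creds ? await lookupUser(creds.user) : undefined;
    // Returning the request lets CloudFront continue; anything else is sent as the response.
    return creds && verifyPassword(creds.pass, record) ? request : UNAUTHORIZED;
  };
}

// Constructed sample store standing in for the real lookup; only salted hashes are held.
const sampleStore = new Map([['alice', hashPassword('correct horse')]]);
exports.handler = makeHandler(async (user) => sampleStore.get(user));
```

Only the salted hash reaches source control or the store, and several users can be provisioned without redeploying the function.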