BasicAuth + HTTP

[dhia-gharsallaoui]

Hello 👋
I have an instance of Trino that accepts both HTTP and HTTPS connections. I'd like to know why we have authorization control in the client while the logic exists in the server and if passing the user and the password with an HTTP connection is possible.
Thank you.

[hashhar]

server doesn't accept credentials over HTTP. So even if you remove checks in the client you won't be able to authenticate.

Sending credentials over plaintext is a bad idea. If you're terminating TLS at a load balancer then you can still send credentials to the LB endpoint and ensure server config has http-server.process-forwarded=true set.

See https://trino.io/docs/current/security/tls.html for more.