Hi,

Could not find much info about how fetch authenticates.

So if I had a https server running nginx with basic auth configured.

And someone was trying to man-in-the-middle one of our routers.
Using wireshark or similar would they be able to sniff out the password.

Assuming the P/W is safe, if they configured a local dsn matching our server url and a fileserver w/o authentication would fetch pull a file if configured to use authentication?

Other then checking certs (were are tryng to find a way to deal with a cert/crl going bad) is there anyway to ensure it will only fetch files from our server?

Amusing the PW is safe I was thinking you could verify a secondary password before executing.

Using wireshark or similar would they be able to sniff out the password.

No, that's why you use HTTPS