• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

JWebPlus ID:999984556200

 
Axel Janssen
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which of the following are correct about HTTP basic authentication mechanism?
I took: Password is passed in encrypted form.
Right answer: Password is passed as plain text.
Explanation:Basic Authentication is not a secure authentication protocol. User passwords are sent in simple base64 encoding, and the target server is not authenticated.
I think: base64 might be not secure but it is an encryption mechanism.
Am I missing something?
Axel
[ February 28, 2002: Message edited by: Axel Janssen ]
 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3760
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Base64 encoding is not exactly an encryption. It's a conversion from ASCII format to Base64 format(as good as ASCII to say EBCDIC). You would not say that ASCII and EBCDIC are encryption mechanisms. Would you
Just like ASCII represents A by 65, Base64 represents it by 0.
For more info: http://www.faqs.org/rfcs/rfc1521.html
 
Axel Janssen
Ranch Hand
Posts: 2166
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks.
For me its a question of definition of the term encryption.
Axel
 
Madhav Lakkapragada
Ranch Hand
Posts: 5040
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Good to know that, Paul.
Thanks.
- satya
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic