I am preparing for the SCWCD exam and have these following doubts. I referred some books, but couldn't get a clear answer to them, and hence this post: 1) Are session variables thread-safe? The general idea seems to be that they are not. But, one of the books I read states that they are thread-safe, since each session is associated with a request, and request variables are thread-safe for most practical purposes. 2) Do both BASIC and FORM authentication methods use the Base64 encoding to transmit data to the server? 3) Is the DIGEST mechanism a sufficiently secure mechanism to transmit data to the server? I've read that it uses MD5 encryption, which is a one-way encryption, so it must be secure. What confused me is Alx Dark's tutorial, which said it's only marginally better than the Base 64 encoding by BASIC Authentication. If somebody could please clarify these doubts, I would really appreciate it. Thanks. -Bala.
1. It is not thread safe. SevletConfig, yes (read-only) ServletContext, no Session, no Request, yes Another discussion Not sure about the other two, and also want to know whether html form password field is send using Base64 encoding.
posted 17 years ago
Thanks Patricia. The discussion answered all the questions I had about the thread safety of session attributes. Hoping to get answers for the remaining two questions. Thanks. -Bala.
hi. about BASIC and FORM authenticatian mechanisms: BASIC use BASE64 encoding (NOTE: not encrypting), so password could be easily extracted from sniffed HTTP request by anyone. FORM does not use any mechanism for even encoding. Both ID and PASSWORD aer passed as plain text from parameters. You can test this cerating some HTML form with INPUT TYPE=PASSOWRD and make ACTION=".." METHOD="GET" (or does not define method at all). Then after submitting you will see you password in plain text in query string (although in the HTML form it will be hidded by asterisks). hope, this helps.
Exam 1Z0-810: Upgrade to Java SE 8 Programmer Study Guide and Quiz Exam 1Z0-817: Upgrade OCP Java 6, 7 and 8 to Java SE 11 Developer Study Guide and Quiz
posted 17 years ago
It sure did. Thanks Mikalai. -Bala.
Men call me Jim. Women look past me to this tiny ad: