
form based authentication issue

 
John Qu
Greenhorn
Posts: 1
I took a test on j2eecertificate.com and the site said below about form-based authentication:
The username and password is not encoded using the Base64 mechanism before being sent to the server. But I remember SCWCD Exam Study says form-based authentication is similar to Basic authentication.
Could someone explain this to me? Thanks.
 
Francois Roland
Ranch Hand
Posts: 34
The answer on j2eecertificate.com is true.

With BASIC authentication, you trigger some special code in the client browser. This code encodes the username and password information in Base64, not for encryption purposes (that would be foolish) but to ensure that the data are transmitted as-is on a non-binary link (the HTTP connection). This mechanism avoids character encoding issues.

With FORM-BASED authentication, you (the application developer) are the only one that has a chance to mess with the form parameters (using JavaScript, VBScript, etc.). To the client browser, the custom authentication form just looks like any other applicative form. And a form is not Base64-encoded by default by the common web browsers.

Remember that the only thing that makes the difference between a simple form and an authentication form (apart from the deployment descriptor declaration) is the action attribute of your HTML form tag. So the authentication form is processed by the web browser as any other form of your application.
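The difference described in this thread, as an added example that is not part of the original posts: it builds what a browser sends for BASIC and for FORM login, then reads the credentials back out of each, showing that neither encoding hides them and both depend on TLS for confidentiality. The `/app` context path, the host name and the credentials are constructed; `j_security_check`, `j_username` and `j_password` are the names the Servlet specification reserves for form login.

```javascript
// Constructed sample credentials; the password contains ':' '@' and '&' on purpose.
const user = "alice";
const pass = "p@ss:w0rd&1";

// BASIC: the browser joins "user:password" and Base64-encodes the pair
// so arbitrary characters survive inside an HTTP header.
function basicAuthHeader(username, password) {
  const token = Buffer.from(`${username}:${password}`, "utf8").toString("base64");
  return `Authorization: Basic ${token}`;
}

// FORM: the login page is submitted like any other HTML form,
// as application/x-www-form-urlencoded. No Base64 is involved.
function formLoginRequest(username, password) {
  const body = new URLSearchParams({ j_username: username, j_password: password }).toString();
  return [
    "POST /app/j_security_check HTTP/1.1", // /app is a hypothetical context path
    "Host: example.test",                  // constructed host name
    "Content-Type: application/x-www-form-urlencoded",
    `Content-Length: ${Buffer.byteLength(body)}`,
    "",
    body,
  ].join("\r\n");
}

// Reading a BASIC header back: Base64 is reversible without any key.
function decodeBasic(headerLine) {
  const m = /^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)$/i.exec(headerLine);
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const i = decoded.indexOf(":"); // split on the first colon; the password may contain ':'
  return i < 0 ? null : { username: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Reading a form login body back: percent-decoding is just as trivial.
function decodeForm(request) {
  const body = request.split("\r\n\r\n")[1] ?? "";
  const params = new URLSearchParams(body);
  return { username: params.get("j_username"), password: params.get("j_password") };
}

console.log(basicAuthHeader(user, pass));
console.log(formLoginRequest(user, pass));
console.log(decodeBasic(basicAuthHeader(user, pass)), decodeForm(formLoginRequest(user, pass)));
```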
 