• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP basic authentication mechanism

 
mayank jamindar
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
PLz help me answer the following question:

Which of the following statements are correct about HTTP basic authentication mechanism?

1 Password is transmitted as text.
2 Password is transmitted in an encrypted form.

To help you I found this: Basic Authentication is not a secure authentication protocol. User passwords are sent in simple base64 encoding, and the target server is not authenticated.

Thanks in advance.
 
Jay Tse
Greenhorn
Posts: 11
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Answer is 1) Password is transferred as text.

Since Base64 is a common way of encoding (and not encrypting) the data, and since the decoding algorithm is commonly available, it is not secure.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic