
Form authentication

 
Deepak Bala
Since FORM authentication passwords and user names are encoded with base64 encoding, is it right to say that FORM authentication passes the password as text? I found myself disagreeing with an answer to a mock exam question that said that FORM authentication passes passwords in text format. The answer did acknowledge the presence of base 64 encoding but since this is weak, the answer given was "password passed as text".

So should I choose "text" in the exam or "password passed in encrypted format"?
 
Christophe Verré
It is base64 encoded text. It's plain text, not encrypted.

From the spec:
Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated.
 
Ulf Dittmer
Also, strictly speaking, base64 is an encoding (which can easily be reversed), not an encryption (for which a password is needed).
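
The encoding-versus-encryption point above, as an added example that is not part of the original posts: a short Python check that reads the user name and password out of a BASIC request and a FORM login request with no key involved. The two requests are constructed samples (host and credentials are made up); `j_security_check`, `j_username` and `j_password` are the servlet specification's form-login names, and BASIC carries base64 in the `Authorization` header while FORM posts URL-encoded fields.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample requests (not captured traffic); host and credentials are made up.
BASIC_REQUEST = (
    "GET /app/secure/report HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Authorization: Basic " + base64.b64encode(b"alice:s3cret:pw").decode() + "\r\n"
    "\r\n"
)
FORM_REQUEST = (
    "POST /app/j_security_check HTTP/1.1\r\n"
    "Host: intranet.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "j_username=alice&j_password=s3cret%3Apw"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def exposed_credentials(raw):
    """Return (scheme, user, password) readable from the request without any key, or None."""
    request_line, headers, body = parse_request(raw)
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Base64 is a fixed, public alphabet mapping: decoding needs no secret.
        user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
        return ("BASIC", user, password)
    if request_line.startswith("POST") and "/j_security_check" in request_line:
        # FORM login posts the fields URL-encoded in the request body.
        fields = parse_qs(body)
        if "j_username" in fields and "j_password" in fields:
            return ("FORM", fields["j_username"][0], fields["j_password"][0])
    return None


if __name__ == "__main__":
    for sample in (BASIC_REQUEST, FORM_REQUEST):
        print(exposed_credentials(sample))
```

Both samples yield the same user name and password, which is why either login method needs TLS underneath it, for example a `CONFIDENTIAL` transport guarantee in `web.xml`.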
 
Deepak Bala
Ahhh... that clears it up. Thanks
 