• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Authentication type

 
Ranch Hand
Posts: 219
Firefox Browser Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ranchers,

This is taken from www.j2eecertificate.com

<web-app>
....
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/signin.jsp</form-login-page>
<form-error-page>/signin_error.jsp</form-error-page>
</form-login-config>
</login-config>
...
</web-app>

Given the following extract from a deployment descriptor, which of the following statements regarding authentication are true? [Check all correct answers]

1. The user interface used to capture the username and password can be customised with its own look-and-feel.
2. The username and password is encoded using the Base64 mechanism before being sent to the server.
3. This authentication method is supported by all browsers.
4. This authentication method is supported by all servlet containers that conform to the servlet specification.
5. When a protected resource is requested, the browser opens a dialog box prompting for a username and password.

The answer is: 1, 3, 4
(My answer was: 1, 2, 3, 4)

I understand that FORM auth type is similar to BASIC auth type in the way of sending the password. But I also know that BASIC auth will encode the password in Base64, so why the FORM doesnt encode?
Is the answer correct?
Thanks.
 
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using Form auth type, Username and password are sent back in the Request with no encryption
 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Using BASIC authentication the username and password sent using base64 encoding, but when you use FORM base authentication they are sent in clear text.

Thanks
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Note that base-64 is an encoding, not an encryption, so it is easily reversed. If you want the password to be transferred securely, use SSL.
 
Thank you my well lotioned goddess! Here, have my favorite tiny ad!
free, earth-friendly heat - a kickstarter for putting coin in your pocket while saving the earth
https://coderanch.com/t/751654/free-earth-friendly-heat-kickstarter
reply
    Bookmark Topic Watch Topic
  • New Topic