• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Q64 HFSJ Mock exam

 
Renu Radhika
Ranch Hand
Posts: 243
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which authentication mechanism employs base64 encoding scheme to protect user passwords?

Answer is HTTP BASIC authentication

I guess it should have FORM based authentication also as the correct answer.Please share your thoughts on this.
 
Surendra Poranki
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any of those mechanisms can be used.

BASIC: Performed by sending the username and password in Base64 encoding.

FORM: Performed by sending username and password in Base64 encoding. The username and password are captured using a customized HTML FORM.
 
Renu Radhika
Ranch Hand
Posts: 243
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Then I guess this should be added to errata of HFSJ.Santou...Do let us know whether its a mistake
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Form authentication does not encode the password in base64. It's plain clear text.
 
Renu Radhika
Ranch Hand
Posts: 243
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
oh!But I thought the only difference is form uses customized form thats it.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No. Another difference is that you don't use a realm. Another difference is that you'll be redirected to an error page if you fail to login. You should read the details at SRV.12.5.3 Form Based Authentication of the Servlet specification.
 
nitin pai
Ranch Hand
Posts: 185
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have read this in Charles Lyons that:

All three types of authentication mechanisms can have the realm attribute
BASIC
FORM
DIGEST

Only CLIENT CERT should not have the realm atrribute
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
18. login-config Element
The realm-name indicates the realm name to use in HTTP BASIC authentication.
[ July 12, 2007: Message edited by: Christophe Verre ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic