This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Little Book of Impediments (e-book only) and have Tom Perry on-line!
See this thread for details.
Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication

 
deepti bellubbi
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Question from J2EECertification mock exam.

Which of the following are true?

<web-app>
....
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
...
</web-app>

1. All data between the client and the server is encrypted.
2. This authentication method is supported by all the commonly used browsers.
3. An MD5 digest of the password is sent from the client to the server.
4. A web application using this method of authentication is not guaranteed to work on all application servers.


The answer given is 3,4.
But according to HFSJ, DIGEST does use a less commonly used encryption mechanism. Then why is option 1 wrong?

Thanks
Deepti
 
Bobby Sharma
Ranch Hand
Posts: 598
3
Google App Engine jQuery Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
please refer Marcus Green notes to get rid of your confusion.

best regards,
omi
[ July 15, 2008: Message edited by: omi sharma ]
 
Ulf Dittmer
Rancher
Posts: 42969
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
DIGEST protects the username/password exchange only, not the rest of the communication. So the "all data" part is not satisfied.
 
Anand Bhatt
Ranch Hand
Posts: 189
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
Using digest authentication, your password is never sent across the network in the clear, but is always transmitted as an MD5 digest of the user's password. In this way, the password cannot be determined by sniffing network traffic.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic