
Form-Based Authentication

Everywhere I see the same:

"form-based info is transmitted in the least secure way"

"data integrity in form-based authentication is very weak"

And other things like this.

But I was thinking... a lot of web sites use some kind of form-based authentication, even ones not based on J2EE.

Are they (the other sites) safer than J2EE's sites? If yes, how? If no, why all this chat when the form auth-method is used by almost everybody?
Hi Paulo,

Typically, form-based authentication (login) is combined with HTTPS. So even though the password is sent "in the clear" in the request parameters, the whole HTTP request is encrypted between the client and server; therefore, the password cannot be read by a third party in transit.

So, yes, by itself form-based auth is insecure, but when combined with HTTPS it is very secure. And yes, many other web frameworks would also suffer from this issue, not just JavaEE.

HTH,
Bryan