Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security question

 
Deepak Jain
Ranch Hand
Posts: 637
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Whiz labs question
Which of the authentication mechanism use the same transmission mechanism.
a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above.

answer: b.
I think the answer is e.
BASIC: UserName/Password is encoded in BASe64 format and trasmitted.
DIGEST: UserName/Password is encoded in MD5 format and trasmitted.
FORM: UserName/Password is trasmitted in plain text.
CLIENT_CERT: SSL security mecanism is used to transmit UserName/Password.

Please clarify.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The answer depends on how "transmission mechanism" is defined. Since that's not a term with a commonly agreed upon precise definition, several answers are possible.

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

So I'd say the question is not worded well.
 
John Woo
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
since that is not what the question about

How do you know that? Do you have the book so that you can look up what it means by "transmission mechanism"? I maintain that -without further context- the question is ill-posed.
 
Deepak Jain
Ranch Hand
Posts: 637
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.


BASIC uses BAe64 encoding to encrypt the credentials. Base64 is well known. But its better than plain text.
FORM uses plain text,

So how can answer B be correct?
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So how can answer B be correct?

This question, too, can only be answered if everyone agrees to a precise definition of "transmission mechanism". Barring that, it seems futile to me to try to reason about this.
 
Deepak Jain
Ranch Hand
Posts: 637
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above

If "transmission mechanism" means "HTTP", then A, B and C are correct.
Yes i agree to this since Basic,Digest and Form all use Http protocol. Client-Cert uses HttpS protocol.

If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

If it means "something that is cryptologically secure", then D is correct.
Client-Cert uses PKC and Digest uses MD5. Correct me if am wrong.

If it means "something that is not cryptologically secure", then B is correct. Basic uses Base64 which is well known to all hackers and Form uses plain text.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

BASIC and DIGEST information is transported in the HTTP headers, which is different from FORM, which is part of the HTTP body.
 
Lakshmi Narayanan
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is one more which is Built in meachanism of HTTP

which is DIGEST and BASIC
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic