security

 
Greenhorn
Posts: 6
Which form of authentication is used in a real environment,
and which is most common?
Is it form-based authentication or basic authentication?
Thanks in advance.
 
Ranch Hand
Posts: 2874
- HTTP basic authentication
- HTTP digest authentication
- Form-based authentication
- HTTPS client authentication

HTTP basic authentication
In basic authentication, a Web server requests a Web client to authenticate the user. The Web client obtains the username and the password from the user through a login box and transmits them to the Web server. The Web server then authenticates the user in the specified realm. Though it is quite easy to set up, it is not secure because simple base64 encoding is used. It is supported by all the common browsers.

HTTP digest authentication
The HTTP digest authentication also gets the username/password details in a manner similar to that of basic authentication. However, the authentication is performed by transmitting the password in an encrypted form. Only some Web browsers and containers support it.

Form-based authentication
Form-based authentication allows a developer to control the look and feel of the login screens. The login form must contain fields for entering a username and password. These fields must be named j_username and j_password, respectively.

Form-based authentication has the same lack of security as basic authentication because the user password is transmitted as plain text and the target server is not authenticated. However, it is quite easy to implement and is supported by most of the common browsers.

HTTPS client authentication
End-user authentication using HTTP over SSL (HTTPS) requires the user to possess a public key certificate (PKC). All the data is transmitted after incorporating public key encryption. It is the most secure authentication type and is supported by all the common browsers.

I think now you can figure out what to use yourself.

cheers.
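
An added example, not part of the original posts: it parses three constructed HTTP requests to show what each mechanism described above puts on the wire when the connection is not protected by HTTPS. The host, paths, user name, password, nonce and response value are made up; `j_security_check` is the form action the Servlet specification pairs with `j_username` and `j_password`.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample requests (not captured traffic): user "alice", password "s3cret".
BASIC_REQUEST = (
    "GET /app/secure HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Authorization: Basic " + base64.b64encode(b"alice:s3cret").decode() + "\r\n"
    "\r\n"
)
FORM_REQUEST = (
    "POST /app/j_security_check HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "j_username=alice&j_password=s3cret"
)
DIGEST_REQUEST = (
    "GET /app/secure HTTP/1.1\r\n"
    "Host: example.test\r\n"
    'Authorization: Digest username="alice", realm="app", nonce="abc123", '
    'uri="/app/secure", response="0123456789abcdef0123456789abcdef"\r\n'
    "\r\n"
)


def cleartext_credentials(raw_request):
    """Return (scheme, username, password); password is None if not readable."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    scheme, _, param = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":  # base64 is an encoding, so it simply decodes
        user, _, password = base64.b64decode(param).decode("utf-8").partition(":")
        return ("basic", user, password)
    if scheme.lower() == "digest":  # carries a computed response, not the password
        fields = dict(p.strip().split("=", 1) for p in param.split(","))
        return ("digest", fields["username"].strip('"'), None)
    if lines[0].split()[1].endswith("/j_security_check"):  # form login POST body
        form = parse_qs(body)
        return ("form", form["j_username"][0], form["j_password"][0])
    return (None, None, None)
```

Serving the login over HTTPS is what keeps the Basic header and the form fields from being readable in transit.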
 