
BASIC authentication doubt.

 
Ranch Hand
Posts: 1026
With NO <transport-guarantee> element in the DD and <auth-method> as BASIC, if I request a constrained resource, the container issues a 401 Unauthorized response directing the browser to get login information from the client, and the browser pops up a dialog box to get the username/password.

What I would like to know here is whether this username/password sent back to the container in the request header is visible or not. As per my understanding it should be visible, because BASIC does not provide encryption. But I couldn't see them in the request header. I am using Http Header Live to trace the request and response headers.

I see this as part of the request header after the request has been made with user login information:
Authorization: Basic cHJpeWE6cHJpeWE=

It looks like it's been encrypted. But BASIC doesn't provide encryption.
I am totally confused here.
 
Rancher
Posts: 13459
That isn't encrypted, it is a Base64 encoded String in the form username:password.
 
Vishnu Prakash
Ranch Hand
Posts: 1026
You mean it is encoded.

Now I would like to hear the difference between encoding and encrypting.
 
David O'Meara
Rancher
Posts: 13459
Sometimes the behaviour can look the same, but the aim is different.

Encryption alters the data so that the original value cannot be easily found given the 'cyphered' or altered value. Ideally you should not be able to reverse the encryption process unless you are meant to.

Encoding is just the representation of the data. It is possible to represent data in many ways that can be easily converted between representations. Base64 encoding is a very common encoding which represents binary data as a subset of the ASCII character set. This allows binary data to be treated as text and makes it work when only text is allowed. I won't go into too many details of the why or what or how.

Dave
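
The distinction drawn in the replies above, as an added example that is not part of the original thread: the value after "Basic" is reversed with a plain Base64 decode and no key. The function names are assumptions made for this illustration; the header value is the one quoted in the first post.

```python
import base64
import binascii


def decode_basic_authorization(header_value):
    """Return (username, password) from the value of an Authorization header.

    Raises ValueError if the value is not well-formed Basic credentials.
    """
    scheme, _, token = header_value.strip().partition(" ")
    # The scheme name is case-insensitive; the token must be present.
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        raw = base64.b64decode(token.strip(), validate=True)
    except binascii.Error as exc:
        raise ValueError("credentials are not valid Base64") from exc
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # fallback used by older clients
    # Split on the FIRST colon only: the password may itself contain ':'.
    username, sep, password = text.partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the ':' separator")
    return username, password


def encode_basic_authorization(username, password):
    """Build the header value a browser sends after the login dialog."""
    if ":" in username:
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


if __name__ == "__main__":
    observed = "Basic cHJpeWE6cHJpeWE="  # header value from the first post
    print(decode_basic_authorization(observed))
```

Anyone who can read the request can do the same decode, which is why BASIC is normally paired with a <transport-guarantee> of CONFIDENTIAL so the header only travels over TLS.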
 