• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Doubts in Mock exam HFSJ

 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which authentication mechanism is recommended to be used only if cookies or SSL session tracking is in place?
A. HTTP Basic Authentication
B. Form Based Authentication
C. HTTP Digest Authentication
D. HTTPS Client Authentication


answer is B.
why not A??
 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The look and feel of the "login screen" cannot be varied using the web browser's built-in authentication mechanisms. This specification introduces a required form based authentication mechanism which allows a Developer to control the look and feel of the login screens.

The web application deployment descriptor contains entries for a login form and error page. The login form must contain fields for entering a username and a password. These fields must be named 'j_username' and 'j_password', respectively.

Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated. Again additional protection can alleviate some of these concerns: a secure transport mechanism (HTTPS), or security at the network level (such as the IPSEC protocol or VPN strategies) is applied in some deployment scenarios.

i guess Form Based Authentication dosen't provide any kind of security. neither encryption nor encoded one. but Basic Authentication provides the base64 encoded techniche.

I am not sure weither this is the right reason.. I am also waiting for other replies
 
sravanthi pulukuri
Ranch Hand
Posts: 125
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,
Thanks for your Valueble explanation
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic