The look and feel of the "login screen" cannot be varied using the web browser's built-in authentication mechanisms. This specification introduces a required form based authentication mechanism which allows a Developer to control the look and feel of the login screens.
The web application deployment descriptor contains entries for a login form and error page. The login form must contain fields for entering a username and a password. These fields must be named 'j_username' and 'j_password', respectively.
Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated. Again additional protection can alleviate some of these concerns: a secure transport mechanism (HTTPS), or security at the network level (such as the IPSEC protocol or VPN strategies) is applied in some deployment scenarios.
i guess Form Based Authentication dosen't provide any kind of security. neither encryption nor encoded one. but Basic Authentication provides the base64 encoded techniche.
I am not sure weither this is the right reason.. I am also waiting for other replies
