• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

<auth-method>BASIC</auth-method> doubt??

 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Which of the following security mechanisms utilizes the concept of a realm?


1. Basic
2. Digest
3. Form
4. client-cert

The given answer is 1. Is this means whenever we have to use Basic as a Authentication mechanisam, we have to specify the relam also.???

like <web-app>
...
<login-config>
<!-- auth-method can be: BASIC, FORM, DIGEST, or CLIENT-CERT -->
<auth-method>BASIC</auth-method>
<realm-name>TestRealm</realm-name>
</login-config>
...
</web-app>

<realm-name>TestRealm</realm-name> is this the mandatory element while using Basic as <auth-method>?? because I might not noticed if HFSJ talks about it.

Thanks
 
Ankit Garg
Sheriff
Posts: 9521
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Well if you read the question again

Which of the following security mechanisms utilizes the concept of a realm?


Here utilizes doesn't mean that you are forced to use it. So I don't think that the realm-name attribute is mandatory...
 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hmmmn... Good observation ankit

thnaks budy
 
Ankit Garg
Sheriff
Posts: 9521
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not related to the question, but I think poonam you make a lot of typos . I think you must concentrate on that along with SCWCD . Don't take this as an insult or something. This is said in good sense from all the angles ...
 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Don't take this as an insult or something. This is said in good sense from all the angles


I won't as I don't know you Indeed
 
Poonam Agarwal
Ranch Hand
Posts: 324
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By the way , ankit, this post is cover the exam objective for security and other related stuff.
I think you need a one more glance at the Objectives of the SCWCD

Don't mind its just a advice budy
 
Benjamin Hiner
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The Digest method of HTTP authentication challenges the client with a realm and the client is supposed to hash together the username password and realm. wiki Digest authentication. According to the rfc the realm is sent to the client for basic and digest authentication but it is only used for the return value for digest. Reference here. Am I just misunderstanding the question?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic