Hi, I'm a little confused about the available methods for clients to authenticate themselves to a web application. In particular, all tutorials mention "basic HTTP authentication", "form-based", and "digest". Which is clear enough. However, some of them mention "client certificate" while others refer to "https (or SSL) client authentication". Are those 2 terms identical?
Also, am I correct in understanding that "basic http" and "form based" are the most commonly used, yet they allow the password to travel as *plain text*? This really sounds bad... which authentication method would you recommend?