Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

DIGEST and CLIENT CERT issues

 
Steven Colley
Ranch Hand
Posts: 290
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

DIGEST -

* ALL BROWSERs -> NO GUARANTEED
* J2EE SPEC -> NO GUARANTEED


CLIENT CERT -

* ALL BROWSERs -> GUARANTEED
* J2EE SPEC -> NO GUARANTEED (?)


is it correct?

Tks and cya.
 
shweta bulbule
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
for client cert client shud have a certificate,
i don't think all browsers -> guaranteed...is correct.

need u Mr. KnowTheAnswer, plz help.
 
Steven Colley
Ranch Hand
Posts: 290
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
as far "DIGEST" authentication type,

i got this from a mock...

"Password is transmitted in an ***encrypted*** form."...

isn�t that wrong?

i mean, it uses MD5 , but it�s not encrypted, it�s encoded.

for me , the only one that uses "encrypted" is CLIENT-CERT....

Does it make sense?

tks.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
MD5 is neither an encryption nor an encoding: it's a hash. The difference is (with a good deal of hand-waving) that for encodings the decoder is widely known, while for encryption, you have to know the key to decrypt it. But a hash is a one-way ting - once something is hashed, you can't ever retrieve the original.
 
Akshay Kiran
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hope this helps, this was given in the SCWCD exam study kit

✧ BASIC: Performed by sending the username and password in Base64
encoding.
Advantages:
� Very easy to set up
� Supported by all browsers
Disadvantages:
� It is not secure, since the username and password are not
encrypted. � You cannot customize the look and feel of the dialog
box.

✧ DIGEST: Performed by sending a digest of the password in an
encrypted form.
Advantages:
� Secure
Disadvantages:
� Not supported by all browsers

✧ FORM: Performed by sending username and password in Base64
encoding. The username and password are captured using a
customized HTML FORM.
Advantages:
� Easy to set up
� Supported by all browsers
� Customized look and feel
Disadvantages:
� It is not secure, since the username and password are not
encrypted unless HTTPS is used.

✧ CLIENT-CERT:
Advantages:
� Very secure
� Supported by all browsers
Disadvantages:
� Costly to implement
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic