File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes DIGEST and CLIENT CERT issues Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of Arduino in Action this week in the General Computing forum!

A special promo: Enter your blog post or vote on a blogger to be featured in an upcoming Journal
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Reply Bookmark "DIGEST and CLIENT CERT issues" Watch "DIGEST and CLIENT CERT issues" New topic
Author

DIGEST and CLIENT CERT issues

Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290
posted private message
0
Quote
Hi,

DIGEST -

* ALL BROWSERs -> NO GUARANTEED
* J2EE SPEC -> NO GUARANTEED


CLIENT CERT -

* ALL BROWSERs -> GUARANTEED
* J2EE SPEC -> NO GUARANTEED (?)


is it correct?

Tks and cya.

SCJP | SCWCD | SCBCD | SCWSD 5 | SCEA (I) 1.4 | SCEA 5 | IBM SOA 669
shweta bulbule
Ranch Hand

Joined: Mar 24, 2006
Posts: 30
posted
0
Quote
for client cert client shud have a certificate,
i don't think all browsers -> guaranteed...is correct.

need u Mr. KnowTheAnswer, plz help.

Thanks,<br />Shweta
Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290
posted private message
0
Quote
as far "DIGEST" authentication type,

i got this from a mock...

"Password is transmitted in an ***encrypted*** form."...

isn�t that wrong?

i mean, it uses MD5 , but it�s not encrypted, it�s encoded.

for me , the only one that uses "encrypted" is CLIENT-CERT....

Does it make sense?

tks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35429
    
    9
posted
0
Quote
MD5 is neither an encryption nor an encoding: it's a hash. The difference is (with a good deal of hand-waving) that for encodings the decoder is widely known, while for encryption, you have to know the key to decrypt it. But a hash is a one-way ting - once something is hashed, you can't ever retrieve the original.

Android appsImageJ pluginsJava web charts
Akshay Kiran
Ranch Hand

Joined: Aug 18, 2005
Posts: 220
posted private message
0
Quote
hope this helps, this was given in the SCWCD exam study kit

✧ BASIC: Performed by sending the username and password in Base64
encoding.
Advantages:
� Very easy to set up
� Supported by all browsers
Disadvantages:
� It is not secure, since the username and password are not
encrypted. � You cannot customize the look and feel of the dialog
box.

✧ DIGEST: Performed by sending a digest of the password in an
encrypted form.
Advantages:
� Secure
Disadvantages:
� Not supported by all browsers

✧ FORM: Performed by sending username and password in Base64
encoding. The username and password are captured using a
customized HTML FORM.
Advantages:
� Easy to set up
� Supported by all browsers
� Customized look and feel
Disadvantages:
� It is not secure, since the username and password are not
encrypted unless HTTPS is used.

✧ CLIENT-CERT:
Advantages:
� Very secure
� Supported by all browsers
Disadvantages:
� Costly to implement

"It's not enough that we do our best; sometimes we have to do<br />what's required."<br /> <br />-- Sir Winston Churchill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: DIGEST and CLIENT CERT issues
 
Similar Threads
Doubt in auth methods
Please clarify
Is CLIENT-CERT a part of servlet spec?
DIGEST authentication type
Form Based Authentication in J2EE1.4