aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes DIGEST and CLIENT CERT issues Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "DIGEST and CLIENT CERT issues" Watch "DIGEST and CLIENT CERT issues" New topic
Author

DIGEST and CLIENT CERT issues

Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290
Hi,

DIGEST -

* ALL BROWSERs -> NO GUARANTEED
* J2EE SPEC -> NO GUARANTEED


CLIENT CERT -

* ALL BROWSERs -> GUARANTEED
* J2EE SPEC -> NO GUARANTEED (?)


is it correct?

Tks and cya.


SCJP | SCWCD | SCBCD | SCWSD 5 | SCEA (I) 1.4 | SCEA 5 | IBM SOA 669
shweta bulbule
Ranch Hand

Joined: Mar 24, 2006
Posts: 30
for client cert client shud have a certificate,
i don't think all browsers -> guaranteed...is correct.

need u Mr. KnowTheAnswer, plz help.


Thanks,<br />Shweta
Steven Colley
Ranch Hand

Joined: Feb 18, 2005
Posts: 290
as far "DIGEST" authentication type,

i got this from a mock...

"Password is transmitted in an ***encrypted*** form."...

isn�t that wrong?

i mean, it uses MD5 , but it�s not encrypted, it�s encoded.

for me , the only one that uses "encrypted" is CLIENT-CERT....

Does it make sense?

tks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42282
    
  64
MD5 is neither an encryption nor an encoding: it's a hash. The difference is (with a good deal of hand-waving) that for encodings the decoder is widely known, while for encryption, you have to know the key to decrypt it. But a hash is a one-way ting - once something is hashed, you can't ever retrieve the original.


Ping & DNS - my free Android networking tools app
Akshay Kiran
Ranch Hand

Joined: Aug 18, 2005
Posts: 220
hope this helps, this was given in the SCWCD exam study kit

✧ BASIC: Performed by sending the username and password in Base64
encoding.
Advantages:
� Very easy to set up
� Supported by all browsers
Disadvantages:
� It is not secure, since the username and password are not
encrypted. � You cannot customize the look and feel of the dialog
box.

✧ DIGEST: Performed by sending a digest of the password in an
encrypted form.
Advantages:
� Secure
Disadvantages:
� Not supported by all browsers

✧ FORM: Performed by sending username and password in Base64
encoding. The username and password are captured using a
customized HTML FORM.
Advantages:
� Easy to set up
� Supported by all browsers
� Customized look and feel
Disadvantages:
� It is not secure, since the username and password are not
encrypted unless HTTPS is used.

✧ CLIENT-CERT:
Advantages:
� Very secure
� Supported by all browsers
Disadvantages:
� Costly to implement


"It's not enough that we do our best; sometimes we have to do<br />what's required."<br /> <br />-- Sir Winston Churchill
 
Consider Paul's rocket mass heater.
 
subject: DIGEST and CLIENT CERT issues