1 All data between the client and the server is encrypted. 2 This authentication method is supported by all the commonly used browsers. 3 An MD5 digest of the password is sent from the client to the server. 4 A web application using this method of authentication is not guaranteed to work on all application servers.
Answer: 3,4 but according to HFSJ pag 645, DIGEST authentication transmits the login information in a more secure way,but because the encryption mechanism isn't widely used , J2EE containers aren't required to support it. Please clarify whether DIGEST authentication supports encryption or not.
I think 'tag' is not mandatary element in the tld file. jsp-version is used in old tld files. As per the JSP 2.0 there is no jsp-version element, but there is mandatary attribute to taglib entry named 'version'.
The DIGEST is not exactly encryption/decryption, but it is one-way encryption/hashing. It is also known as Checksum algorithm. The popular example of DIGEST is MD5.
Thank u Narendra for ur immediate reply. Tld files are mainly used for mapping between jsp and tag class. So is it that tag is mandatory in tld file. please clarify.
Joined: Dec 04, 2004
Tld files are mainly used for mapping between jsp and tag class. So is it that tag is mandatory in tld file. please clarify.
In addition to tag element, there are other elements in the tld files. You can define mapping of tag files ( not required, if not in jar files) or EL functions. So the tag element is not mandatary in TLDs.
Regarding the first question, I looked at the JSP2.0 spec and the XML schema for TLD, JSP 2.0 shows that the only required element in a TLD file is <tag-lib> which is the document root. The only required elements within <tag-lib> are <tlib-version> and <short-name>. Ofcourse, it probably doesn't make sense to define the TLD file in the first place if you're not going to put in a <uri>, <tag>, <function> or something else.