posted 17 years ago
Here the password is encoded and not encrypted which is more secure than the simple base64 encoding. Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated .
In the deployment descriptor of a Web application, form-based authentication does not specify the security realm, as the basic authentication mechanism does. Therefore the transport mechanism is considered the same
[ July 12, 2006: Message edited by: Kiaama Liames ]