File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes question about authentication mechanisms Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "question about authentication mechanisms" Watch "question about authentication mechanisms" New topic

question about authentication mechanisms

shi lei

Joined: Jan 17, 2006
Posts: 15
The transmission method in the Basic and FORM mechanisms is the same.
true or false?
answer is true.

I know
In Form based authentication user password is transimitted as plain text.
but Basic Authentication ise Base64 encoding.

why true?
Kiaama Liames
Ranch Hand

Joined: Jun 30, 2006
Posts: 52
Here the password is encoded and not encrypted which is more secure than the simple base64 encoding. Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated .
In the deployment descriptor of a Web application, form-based authentication does not specify the security realm, as the basic authentication mechanism does. Therefore the transport mechanism is considered the same
[ July 12, 2006: Message edited by: Kiaama Liames ]

scjp 1.4<br />scwcd 1.4
I agree. Here's the link:
subject: question about authentication mechanisms
jQuery in Action, 3rd edition