This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes question about authentication mechanisms Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "question about authentication mechanisms" Watch "question about authentication mechanisms" New topic
Author

question about authentication mechanisms

shi lei
Greenhorn

Joined: Jan 17, 2006
Posts: 15
ques:
The transmission method in the Basic and FORM mechanisms is the same.
true or false?
answer is true.

I know
In Form based authentication user password is transimitted as plain text.
but Basic Authentication ise Base64 encoding.

why true?
Kiaama Liames
Ranch Hand

Joined: Jun 30, 2006
Posts: 52
Here the password is encoded and not encrypted which is more secure than the simple base64 encoding. Form Based Authentication has the same lack of security as Basic Authentication since the user password is transmitted as plain text and the target server is not authenticated .
In the deployment descriptor of a Web application, form-based authentication does not specify the security realm, as the basic authentication mechanism does. Therefore the transport mechanism is considered the same
[ July 12, 2006: Message edited by: Kiaama Liames ]

scjp 1.4<br />scwcd 1.4
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: question about authentication mechanisms
 
Similar Threads
a vague question
authentication
Help: LDAP Authentication x RMI
Help: LDAP Authentication x RMI
http authentication methods