Given the following extract from a deployment descriptor, which of the following statements regarding authentication are true? [Check all correct answers]
1. The user interface used to capture the username and password can be customised with its own look-and-feel. 2. The username and password is encoded using the Base64 mechanism before being sent to the server. 3. This authentication method is supported by all browsers. 4. This authentication method is supported by all servlet containers that conform to the servlet specification. 5. When a protected resource is requested, the browser opens a dialog box prompting for a username and password.
The answer is: 1, 3, 4 (My answer was: 1, 2, 3, 4)
I understand that FORM auth type is similar to BASIC auth type in the way of sending the password. But I also know that BASIC auth will encode the password in Base64, so why the FORM doesnt encode? Is the answer correct? Thanks.