wood burning stoves 2.0*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Q64 HFSJ Mock exam Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Q64 HFSJ Mock exam" Watch "Q64 HFSJ Mock exam" New topic
Author

Q64 HFSJ Mock exam

Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
Which authentication mechanism employs base64 encoding scheme to protect user passwords?

Answer is HTTP BASIC authentication

I guess it should have FORM based authentication also as the correct answer.Please share your thoughts on this.
Surendra Poranki
Greenhorn

Joined: May 16, 2004
Posts: 5
Any of those mechanisms can be used.

BASIC: Performed by sending the username and password in Base64 encoding.

FORM: Performed by sending username and password in Base64 encoding. The username and password are captured using a customized HTML FORM.
Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
Then I guess this should be added to errata of HFSJ.Santou...Do let us know whether its a mistake
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Form authentication does not encode the password in base64. It's plain clear text.


[My Blog]
All roads lead to JavaRanch
Renu Radhika
Ranch Hand

Joined: Oct 21, 2005
Posts: 243
oh!But I thought the only difference is form uses customized form thats it.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

No. Another difference is that you don't use a realm. Another difference is that you'll be redirected to an error page if you fail to login. You should read the details at SRV.12.5.3 Form Based Authentication of the Servlet specification.
nitin pai
Ranch Hand

Joined: May 30, 2006
Posts: 185
I have read this in Charles Lyons that:

All three types of authentication mechanisms can have the realm attribute
BASIC
FORM
DIGEST

Only CLIENT CERT should not have the realm atrribute



Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

18. login-config Element
The realm-name indicates the realm name to use in HTTP BASIC authentication.
[ July 12, 2007: Message edited by: Christophe Verre ]
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Q64 HFSJ Mock exam
 
Similar Threads
servlet security
Security frameworks for application frameworks
Security Maintenance
ladp authentication
How is Authentication done in projects?