which concepts are common to all 4 authentication mechanism supported by j2EE compliant container.I got the answers.But my doubt is one of the options given is target server authentication what does that mean?
The spec gives you an hint : Basic Authentication is not a secure authentication protocol. User passwords are sent in simple base64 encoding, and the target server is not authenticated. Additional protection can alleviate some of these concerns: a secure transport mechanism (HTTPS), or security at the network level (such as the IPSEC protocol or VPN strategies) is applied in some deployment scenarios. VPN can uses authentication before VPN connection, where servers are also authenticated.
0
