
Authentication

 
Greenhorn
Posts: 27
Question from J2EE Certification mock exam.

Which of the following are true?

<web-app>
....
<login-config>
<auth-method>DIGEST</auth-method>
</login-config>
...
</web-app>

1. All data between the client and the server is encrypted.
2. This authentication method is supported by all the commonly used browsers.
3. An MD5 digest of the password is sent from the client to the server.
4. A web application using this method of authentication is not guaranteed to work on all application servers.


The answer given is 3,4.
But according to HFSJ, DIGEST does use a less commonly used encryption mechanism. Then why is option 1 wrong?

Thanks
Deepti
 
Ranch Hand
Posts: 598
Please refer to Marcus Green's notes to get rid of your confusion.

best regards,
omi
[ July 15, 2008: Message edited by: omi sharma ]
 
Rancher
Posts: 43081
DIGEST protects the username/password exchange only, not the rest of the communication. So the "all data" part is not satisfied.
 
Ranch Hand
Posts: 189
Hi,
Using digest authentication, your password is never sent across the network in the clear, but is always transmitted as an MD5 digest of the user's password. In this way, the password cannot be determined by sniffing network traffic.
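
Added example (not part of any post in this thread): how the DIGEST `response` value is computed under RFC 2617 with `qop=auth`, showing that the password stays off the wire while the request body still travels unencrypted. The credential and nonce values are the sample from RFC 2617 section 3.5; the POST body and the simplified request layout are constructed for illustration.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1_of(user, realm, password):
    # Derived from the password; known to client and server, never transmitted.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    # HA2 covers only method and URI: with qop=auth the body is not involved.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def build_request(method, uri, fields, body=""):
    # Simplified request: qop and nc go unquoted, other fields as quoted strings.
    parts = [f"{k}={v}" if k in ("qop", "nc") else f'{k}="{v}"'
             for k, v in fields.items()]
    header = "Authorization: Digest " + ", ".join(parts)
    return f"{method} {uri} HTTP/1.1\r\n{header}\r\n\r\n{body}".encode("utf-8")

def server_accepts(stored_ha1, method, fields):
    # The server recomputes the response from its own HA1 and compares
    # in constant time.
    expected = digest_response(stored_ha1, method, fields["uri"], fields["nonce"],
                               fields["nc"], fields["cnonce"], fields["qop"])
    return hmac.compare_digest(expected, fields["response"])

# Sample values from RFC 2617 section 3.5 (not from this thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE, NC, CNONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"

def demo():
    ha1 = ha1_of(USER, REALM, PASSWORD)
    uri, body = "/dir/index.html", "note=constructed+sample+body"
    fields = {"username": USER, "realm": REALM, "nonce": NONCE, "uri": uri,
              "qop": "auth", "nc": NC, "cnonce": CNONCE}
    fields["response"] = digest_response(ha1, "POST", uri, NONCE, NC, CNONCE)
    return build_request("POST", uri, fields, body), fields, ha1

if __name__ == "__main__":
    wire, fields, ha1 = demo()
    print(wire.decode("utf-8"))
    print("password on wire:     ", PASSWORD.encode() in wire)
    print("body readable on wire:", b"constructed" in wire)
    print("server accepts:       ", server_accepts(ha1, "POST", fields))
```
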
 