Whiz labs question Which of the authentication mechanism use the same transmission mechanism. a) BASIC & DIGEST b) BASIC & FORM c) FORM and DIGEST. D) CLIENT-CERT and DIGEST e) None of above.
answer: b. I think the answer is e. BASIC: UserName/Password is encoded in BASe64 format and trasmitted. DIGEST: UserName/Password is encoded in MD5 format and trasmitted. FORM: UserName/Password is trasmitted in plain text. CLIENT_CERT: SSL security mecanism is used to transmit UserName/Password.
Please clarify.
SCJP, SCWCD, SCBCD
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35223
7
posted
0
The answer depends on how "transmission mechanism" is defined. Since that's not a term with a commonly agreed upon precise definition, several answers are possible.
If "transmission mechanism" means "HTTP", then A, B and C are correct.
If it means "HTTP headers", then A is correct.
If it means "something that is cryptologically secure", then D is correct.
If it means "something that is not cryptologically secure", then B is correct.
The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35223
7
posted
0
since that is not what the question about
How do you know that? Do you have the book so that you can look up what it means by "transmission mechanism"? I maintain that -without further context- the question is ill-posed.
Deepak Jain
Ranch Hand
Joined: Aug 05, 2006
Posts: 637
posted
0
The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.
BASIC uses BAe64 encoding to encrypt the credentials. Base64 is well known. But its better than plain text. FORM uses plain text,
So how can answer B be correct?
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35223
7
posted
0
So how can answer B be correct?
This question, too, can only be answered if everyone agrees to a precise definition of "transmission mechanism". Barring that, it seems futile to me to try to reason about this.
Deepak Jain
Ranch Hand
Joined: Aug 05, 2006
Posts: 637
posted
0
If "transmission mechanism" means "HTTP", then A, B and C are correct.
If it means "HTTP headers", then A is correct.
If it means "something that is cryptologically secure", then D is correct.
If it means "something that is not cryptologically secure", then B is correct.
a) BASIC & DIGEST b) BASIC & FORM c) FORM and DIGEST. D) CLIENT-CERT and DIGEST e) None of above
If "transmission mechanism" means "HTTP", then A, B and C are correct. Yes i agree to this since Basic,Digest and Form all use Http protocol. Client-Cert uses HttpS protocol.
If it means "HTTP headers", then A is correct. Can you please elaborate on this one?
If it means "something that is cryptologically secure", then D is correct. Client-Cert uses PKC and Digest uses MD5. Correct me if am wrong.
If it means "something that is not cryptologically secure", then B is correct. Basic uses Base64 which is well known to all hackers and Form uses plain text.
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35223
7
posted
0
If it means "HTTP headers", then A is correct. Can you please elaborate on this one?
BASIC and DIGEST information is transported in the HTTP headers, which is different from FORM, which is part of the HTTP body.
Lakshmi Narayanan
Ranch Hand
Joined: Apr 29, 2008
Posts: 58
posted
0
There is one more which is Built in meachanism of HTTP
0
