Security question

Deepak Jain
Ranch Hand

Joined: Aug 05, 2006
Posts: 637
Whizlabs question:
Which of the authentication mechanisms use the same transmission mechanism?
a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above.

answer: b.
I think the answer is e.
BASIC: UserName/Password is encoded in Base64 format and transmitted.
DIGEST: UserName/Password is encoded in MD5 format and transmitted.
FORM: UserName/Password is transmitted in plain text.
CLIENT_CERT: SSL security mechanism is used to transmit UserName/Password.

Please clarify.


SCJP, SCWCD, SCBCD
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41604
The answer depends on how "transmission mechanism" is defined. Since that's not a term with a commonly agreed upon precise definition, several answers are possible.

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

So I'd say the question is not worded well.


Ping & DNS - my free Android networking tools app
John Woo
Greenhorn

Joined: Jul 29, 2008
Posts: 8
The answer is b just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like the HTTP protocol, since that is not what the question is about.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41604
since that is not what the question about

How do you know that? Do you have the book so that you can look up what it means by "transmission mechanism"? I maintain that -without further context- the question is ill-posed.
Deepak Jain
Ranch Hand

Joined: Aug 05, 2006
Posts: 637
The answer is b is just because BASIC and FORM are both not encrypted, at the same security level. No need to think in other ways like HTTP protocol since that is not what the question about.


BASIC uses Base64 encoding to encrypt the credentials. Base64 is well known. But it's better than plain text.
FORM uses plain text.

So how can answer B be correct?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41604
So how can answer B be correct?

This question, too, can only be answered if everyone agrees to a precise definition of "transmission mechanism". Barring that, it seems futile to me to try to reason about this.
Deepak Jain
Ranch Hand

Joined: Aug 05, 2006
Posts: 637

If "transmission mechanism" means "HTTP", then A, B and C are correct.

If it means "HTTP headers", then A is correct.

If it means "something that is cryptologically secure", then D is correct.

If it means "something that is not cryptologically secure", then B is correct.

a) BASIC & DIGEST
b) BASIC & FORM
c) FORM and DIGEST.
D) CLIENT-CERT and DIGEST
e) None of above

If "transmission mechanism" means "HTTP", then A, B and C are correct.
Yes, I agree with this, since Basic, Digest and Form all use the HTTP protocol. Client-Cert uses the HTTPS protocol.

If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

If it means "something that is cryptologically secure", then D is correct.
Client-Cert uses PKC and Digest uses MD5. Correct me if I am wrong.

If it means "something that is not cryptologically secure", then B is correct.
Basic uses Base64, which is well known to all hackers, and Form uses plain text.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41604
If it means "HTTP headers", then A is correct.
Can you please elaborate on this one?

BASIC and DIGEST information is transported in the HTTP headers, which is different from FORM, which is part of the HTTP body.
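
The header-versus-body distinction above, as an added example that is not part of the original thread: it builds what each mechanism puts on the wire and shows that a captured BASIC header decodes straight back to the password. The user, password, realm, nonce, host and URI are constructed sample values; the DIGEST response follows RFC 2617 without qop, and `j_security_check`, `j_username` and `j_password` are the names the servlet specification fixes for FORM login.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class AuthOnTheWire {
    // Constructed sample credentials and challenge values, not from the thread.
    static final String USER = "alice", PASS = "s3cret", REALM = "demo";
    static final String NONCE = "abc123", URI = "/app/secure";

    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // BASIC: credentials ride in a request header, Base64-encoded (reversible, no key).
    static String basicHeader() {
        byte[] raw = (USER + ":" + PASS).getBytes(StandardCharsets.UTF_8);
        return "Authorization: Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // DIGEST: also a request header, but only an MD5 hash over the password,
    // the server nonce and the request line is sent, never the password itself.
    static String digestHeader() throws Exception {
        String ha1 = md5Hex(USER + ":" + REALM + ":" + PASS);
        String ha2 = md5Hex("GET:" + URI);
        String response = md5Hex(ha1 + ":" + NONCE + ":" + ha2);
        return "Authorization: Digest username=\"" + USER + "\", realm=\"" + REALM
             + "\", nonce=\"" + NONCE + "\", uri=\"" + URI + "\", response=\"" + response + "\"";
    }

    // FORM: no Authorization header; credentials are form fields in the POST body.
    static String formRequest() {
        String body = "j_username=" + USER + "&j_password=" + PASS;
        return "POST /app/j_security_check HTTP/1.1\r\nHost: example.test\r\n"
             + "Content-Type: application/x-www-form-urlencoded\r\n"
             + "Content-Length: " + body.length() + "\r\n\r\n" + body;
    }

    public static void main(String[] args) throws Exception {
        String basic = basicHeader();
        System.out.println(basic);
        // Anyone who captures the BASIC header can decode it without a key.
        String token = basic.substring(basic.lastIndexOf(' ') + 1);
        System.out.println("decoded: " + new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8));
        System.out.println(digestHeader());
        System.out.println(formRequest());
    }
}
```

Over plain HTTP, both the BASIC header and the FORM body expose the password to anyone who can read the traffic, which is why either is normally paired with a `CONFIDENTIAL` transport guarantee in `web.xml`.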
Lakshmi Narayanan
Ranch Hand

Joined: Apr 29, 2008
Posts: 58
There is one more, which is the built-in mechanism of HTTP, which is DIGEST and BASIC.


Thanks
Lakshmi
SCJP 1.4 - 90%
SCWCD 5 - 89%
 