Http Digest Authentication and HttpsClient Authentication
Joined: Sep 12, 2003
Hello all, I am very sorry if this a silly question. But what are the different types of authentication? and what exactly is Http Digest Authentication and Https Client authentication. can i get an article which can give me some information about the different authentication mechanisms? thanks in advance.
Joined: Nov 27, 2001
Here's is a very quick explanation: authentication mechanism: Digest: it is more secure than basic authentication (read basic auth explanation) because the password is sent in MD5 format. But it is not supported by all browsers and the servlet spec doesn't force the containers to implement it.
HTTPS Client: This authentication uses secure socket layer. An SSL connection is established between client-server and all data is sent encrypted. It is the most expensive to implement though. Basic: Very basic. Username/password is sent in plain text. have you tried accessing web pages and always get a pop up window asking you for a username/pwd for a particular realm. Well, that's basic authentication, in most cases. FORM-based: It's the same as basic authentication, but you have a bit more flexibility. You can create your own html form (just to improve the look and feel of the user interface -basic authentication does not allow you to modify the pop up window-). Again, password is sent in plain text. A very quick explanation. You might want to search separately each term, you probably find more results that way. HTH
I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury