It's not a secret anymore!


Bala reddy

Joined: Jan 05, 2005
Posts: 6
Which form of authentication is used in a real environment, and which is most common?
Is it form-based authentication or basic authentication?
Thanks in advance.
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
- HTTP basic authentication
- HTTP digest authentication
- Form-based authentication
- HTTPS client authentication

HTTP basic authentication
In basic authentication, a Web server requests a Web client to authenticate the user. The Web client obtains the username and the password from the user through a login box and transmits them to the Web server. The Web server then authenticates the user in the specified realm. Though it is quite easy to set up, it is not secure because simple base64 encoding is used. It is supported by all the common browsers.

HTTP digest authentication
The HTTP digest authentication also gets the username/password details in a manner similar to that of basic authentication. However, the authentication is performed by transmitting the password in an encrypted form. Only some Web browsers and containers support it.

Form-based authentication
Form-based authentication allows a developer to control the look and feel of the login screens. The login form must contain fields for entering a username and password. These fields must be named j_username and j_password, respectively.

Form-based authentication has the same lack of security as basic authentication because the user password is transmitted as plain text and the target server is not authenticated. However, it is quite easy to implement and is supported by most of the common browsers.

HTTPS client authentication
End-user authentication using HTTP over SSL (HTTPS) requires the user to possess a public key certificate (PKC). All the data is transmitted after incorporating public key encryption. It is the most secure authentication type and is supported by all the common browsers.

I think you can now figure out what to use yourself.
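
A deployment descriptor for the form-based option described in the answer above, added here as an example and not part of the original thread: it pairs FORM login with a CONFIDENTIAL transport guarantee so that the container accepts j_username and j_password only over HTTPS. The URL pattern, role name and page paths are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: /secure/*, "member", /login.jsp and
     /login-error.jsp are assumed names, not taken from the thread. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected area</web-resource-name>
      <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>

    <!-- Only authenticated users in this role may access the pattern. -->
    <auth-constraint>
      <role-name>member</role-name>
    </auth-constraint>

    <!-- Weak variant: leave this element out (or use NONE) and the
         login form posts the password in plain text over HTTP.
         CONFIDENTIAL makes the container redirect to HTTPS before
         the login page is shown. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The other values for auth-method are BASIC, DIGEST and
       CLIENT-CERT, matching the four types listed in the answer. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>member</role-name>
  </security-role>

  <!-- login.jsp must post to the container's login action using the
       field names required for form-based authentication:
         <form method="POST" action="j_security_check">
           <input type="text" name="j_username"/>
           <input type="password" name="j_password"/>
         </form>
  -->
</web-app>
```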

subject: security