With NO <transport-guarantee> element in the DD and <auth-method> as BASIC, if I request a constrained resource the container issues a 401 Unauthorized response directing the browser to get login information from the client, and the browser pops up a dialog box to get the username/password.
What I'd like to know here is whether this username/password sent back to the container in the request header is visible or not. As per my understanding it should be visible because BASIC does not provide encryption. But I couldn't see them in the request header. I am using Http Header Live to trace the request and response headers.
I see this as part of the request header after the request has been made with user login information: Authorization: Basic cHJpeWE6cHJpeWE=
It looks like it's been encrypted. But BASIC doesn't provide encryption. I am totally confused here.
Sometimes the behaviour can look the same, but the aim is different.
Encryption alters the data so that the original value cannot be easily found given the 'cyphered' or altered value. Ideally you should not be able to reverse the encryption process unless you are meant to.
Encoding is just the representation of the data. It is possible to represent data in many ways that can be easily converted between representations. Base64 encoding is a very common encoding which represents binary data as a subset of the ASCII character set. This allows binary data to be treated as text and makes it work when only text is allowed. I won't go into too many details of the why or what or how.
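Added example (not part of the original posts): parsing the Authorization header value quoted in the question shows that the Base64 step is reversible with no key. The function names `parse_basic_authorization` and `build_basic_authorization` are assumptions of this example, and the UTF-8 with Latin-1 fallback is one reasonable choice for the credential charset.

```python
import base64
import binascii


def parse_basic_authorization(header_value):
    """Return (username, password) from a Basic Authorization header value.

    Returns None when the value is not a well-formed Basic credential.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # other schemes (Digest, Bearer, ...) are not Base64 user:pass
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not valid Base64
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # assumption: fall back for legacy clients
    # Only the first colon separates the fields; the password may contain colons.
    username, sep, password = text.partition(":")
    if not sep:
        return None
    return username, password


def build_basic_authorization(username, password):
    """Build the header value the way a browser does: Base64 of 'user:pass'."""
    if ":" in username:
        raise ValueError("a Basic username cannot contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


if __name__ == "__main__":
    # Header value copied from the question above.
    observed = "Basic cHJpeWE6cHJpeWE="
    print(parse_basic_authorization(observed))
```

Anyone who can observe the request can run the same decoding, which is why BASIC is normally paired with a `<transport-guarantee>` of CONFIDENTIAL so that the header only travels inside TLS.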