
BASIC authentication doubt.

 
Vishnu Prakash
Ranch Hand
Posts: 1026
With NO <transport-guarantee> element in the DD and <auth-method> as BASIC, if I request a constrained resource the container issues a 401 Unauthorized response directing the browser to get login information from the client, and the browser pops up a dialog box to get the username/password.

What I'd like to know here is whether this username/password sent back to the container in the request header is visible or not. As per my understanding it should be visible because BASIC does not provide encryption. But I couldn't see them in the request header. I am using Http Header Live to trace the request and response headers.

I see this as part of the request header after the request has been made with the user login information:
Authorization: Basic cHJpeWE6cHJpeWE=

It looks like it's been encrypted. But BASIC doesn't provide encryption.
I am totally confused here.
 
David O'Meara
Rancher
Posts: 13459
That isn't encrypted, it is a Base64 encoded String in the form username:password
 
Vishnu Prakash
Ranch Hand
Posts: 1026
You mean it is encoded.

Now I'd like to hear the difference between Encoding and Encrypting.
 
David O'Meara
Rancher
Posts: 13459
Sometimes the behaviour can look the same, but the aim is different.

Encryption alters the data so that the original value cannot be easily found given the 'cyphered' or altered value. Ideally you should not be able to reverse the encryption process unless you are meant to.

Encoding is just the representation of the data. It is possible to represent data in many ways that can be easily converted between representations. Base64 encoding is a very common encoding which represents binary data as a subset of the ASCII character set. This allows binary data to be treated as text and makes it work when only text is allowed. I won't go into too many details of the why or what or how.

Dave
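
The distinction drawn in this thread, as an added example that is not part of the original posts: the header value quoted above is decoded with no key at all, while the same bytes encrypted with AES-GCM cannot be recovered without the right key. The class name `EncodingVsEncryption`, the choice of AES-GCM and the keys generated at run time are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class EncodingVsEncryption {  // hypothetical class name, not from the thread
    /** Parses "Basic <base64>" into {username, password}; no key or secret is involved. */
    static String[] parseBasic(String headerValue) {
        if (headerValue == null || !headerValue.regionMatches(true, 0, "Basic ", 0, 6)) {
            throw new IllegalArgumentException("not a Basic credential");
        }
        byte[] raw = Base64.getDecoder().decode(headerValue.substring(6).trim());
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');  // first ':' splits; the password may contain more
        if (colon < 0) throw new IllegalArgumentException("missing ':' separator");
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) throws Exception {
        // Header value exactly as posted in the thread.
        String[] cred = parseBasic("Basic cHJpeWE6cHJpeWE=");
        System.out.println("decoded without any key: user=" + cred[0] + " password=" + cred[1]);
        // Contrast: encrypt the same pair. Keys and nonce are generated here for the demo.
        byte[] plain = (cred[0] + ":" + cred[1]).getBytes(StandardCharsets.UTF_8);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        SecretKey wrongKey = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = enc.doFinal(plain);
        System.out.println("ciphertext, Base64 for display only: " + Base64.getEncoder().encodeToString(ct));
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, wrongKey, new GCMParameterSpec(128, nonce));
        try {
            dec.doFinal(ct);
        } catch (AEADBadTagException e) {
            System.out.println("decryption with the wrong key fails: " + e.getClass().getSimpleName());
        }
        dec.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        System.out.println("decryption with the right key: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

Without a `<transport-guarantee>` of CONFIDENTIAL, the `Authorization` header travels as sent, so anyone who can observe the request can run the same decode step.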
 