Doubt on Auth methods

 
raja ram
Hi,

Based on increasing strength, arrange the authentication mechanisms:

a. Form < Basic < Client-cert < Digest
b. Basic < Form < Digest < Client-Cert

I selected a. based on the HFSJ page 648; but the answer says b.

Thanks
 
Vijitha Kumara
Please quote your sources (where did you get it?)
 
raja ram
Hi,

From the Enthuware mock exam. Any updates on this?

Thanks
 
Vijitha Kumara
based on the HFSJ page 648


What does it say there? (I don't have the book right now). But "Basic" is the weakest and Client-cert is the strongest among those auth methods. I think there are ways we can implement FORM based authentication in a secure manner (I haven't checked that by actually implementing it). So the given answer is correct I think.
 
raja ram
It says,

Basic: Weak
Digest: Strongest
Client-Cert: Strong
Form: Weakest
 
Vijitha Kumara
Well, actually both FORM and BASIC have no encryption, hence it is hard to say which is more secure, except that FORM based allows us to use our own custom login pages (which has virtually nothing to do with security). DIGEST is neither guaranteed by the spec nor supported by some browsers. But CLIENT-CERT uses HTTPS, hence strongest among these. You may look here for a brief explanation of all these.
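
The point made in the last reply, shown as an added example (not part of the thread or of any book or mock exam cited in it): what BASIC, FORM and DIGEST each put on the wire for the same login, and how little it takes to read the password back from the first two. The credentials are constructed sample values (the ones used in RFC 7617 and RFC 2617), and the helper names are hypothetical.

```python
import base64
import hashlib
from urllib.parse import parse_qs, urlencode


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Authorization header value for BASIC: base64(user:password)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def recover_from_basic(header: str) -> tuple[str, str]:
    """Base64 is an encoding, not encryption: decoding needs no key."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def form_body(user: str, password: str) -> str:
    """POST body a FORM login page submits to j_security_check."""
    return urlencode({"j_username": user, "j_password": password})


def recover_from_form(body: str) -> tuple[str, str]:
    """The form fields carry the password in clear text."""
    fields = parse_qs(body)
    return fields["j_username"][0], fields["j_password"][0]


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response value: only hashes cross the wire, never the password."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


if __name__ == "__main__":
    # Constructed sample credentials taken from the RFC examples.
    print(basic_header("Aladdin", "open sesame"))
    print(recover_from_basic(basic_header("Aladdin", "open sesame")))
    print(form_body("Aladdin", "open sesame"))
    print(digest_response("Mufasa", "testrealm@host.com", "Circle Of Life", "GET",
                          "/dir/index.html", "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                          "00000001", "0a4f113b"))
```

For BASIC and FORM the password is only protected when the container is made to require HTTPS, for example with a `CONFIDENTIAL` transport guarantee in `web.xml`.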
 