aspose file tools*
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Doubt on Auth methods Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Doubt on Auth methods" Watch "Doubt on Auth methods" New topic
Author

Doubt on Auth methods

raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
Hi,

Based on the increasing strengths arrange the authentication mechanisms

a. Form < Basic < Client-cert < Digest
b. Basic < Form < Digest < Client-Cert

I selected a. based on the HFSJ page 648; but the answer says b.

Thanks
Vijitha Kumara
Bartender

Joined: Mar 24, 2008
Posts: 3858

Please quote your sources (where did you get it?)


SCJP 5 | SCWCD 5
[How to ask questions] [Twitter]
raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
Hi,

From enthuware mock exam,any updates on this.

Thanks
Vijitha Kumara
Bartender

Joined: Mar 24, 2008
Posts: 3858

based on the HFSJ page 648


What it says there? (I don't have the book right now). But "Basic" is the weakest and Client-cert is the strongest among those auth methods. I think there are ways we can implement FORM based authentication in secure manner (I haven't check that by implementing actually). So the given answer is correct I think.
raja ram
Ranch Hand

Joined: Mar 02, 2008
Posts: 169
It Says,

Basic Weak
Digest Strongest
Client-Cert Strong
Form Weakest
Vijitha Kumara
Bartender

Joined: Mar 24, 2008
Posts: 3858

Well, actually both FORM and BASIC has no encryption hence hard to say which is more secure except that FORM based allows to use our own custom login pages (which has virtually nothing to do with security) . DIGEST is neither guranteed by the spec nor supported by some browsers. But CLIENT-CERT uses HTTPS hence strongest among these. You may look at here for a brief expalanation of all these.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Doubt on Auth methods