What does it say there? (I don't have the book right now.) But "Basic" is the weakest and Client-cert is the strongest among those auth methods. I think there are ways we can implement FORM based authentication in a secure manner (I haven't checked that by actually implementing it). So the given answer is correct, I think.
Basic: Weak
Digest: Strongest
Client-Cert: Strong
Form: Weakest
Well, actually both FORM and BASIC have no encryption, hence it is hard to say which is more secure, except that FORM based allows us to use our own custom login pages (which has virtually nothing to do with security). DIGEST is neither guaranteed by the spec nor supported by some browsers. But CLIENT-CERT uses HTTPS, hence it is the strongest among these. You may look here for a brief explanation of all these.
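An added example, not part of the thread: what BASIC, FORM and DIGEST each put on the wire when no TLS is in place, which is why BASIC and FORM need a confidential transport. The user name, password, realm, URI and nonces are constructed sample values, and the digest computation follows RFC 2617 without qop.

```python
import base64
import hashlib
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials and realm, for illustration only.
USER, PASSWORD, REALM = "alice", "s3cret-pw", "example-realm"

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def basic_header(user, password):
    """BASIC: base64 of 'user:password'. This is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def recover_from_basic(header):
    """Anyone who sees the header on plain HTTP can reverse the base64."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    return tuple(raw.split(":", 1))

def form_body(user, password):
    """FORM: the servlet login form posts j_username/j_password unchanged."""
    return urlencode({"j_username": user, "j_password": password})

def recover_from_form(body):
    fields = parse_qs(body)
    return fields["j_username"][0], fields["j_password"][0]

def digest_response(user, password, realm, method, uri, nonce):
    """DIGEST: only an MD5 over the secret and the server nonce is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

if __name__ == "__main__":
    hdr = basic_header(USER, PASSWORD)
    print(hdr, "->", recover_from_basic(hdr))
    body = form_body(USER, PASSWORD)
    print(body, "->", recover_from_form(body))
    for nonce in ("nonce-1", "nonce-2"):  # constructed nonces
        print(nonce, digest_response(USER, PASSWORD, REALM, "GET", "/app", nonce))
```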