| Author |
Doubt on Auth methods
|
raja ram
Ranch Hand
Joined: Mar 02, 2008
Posts: 169
|
|
Hi,
Based on the increasing strengths arrange the authentication mechanisms
a. Form < Basic < Client-cert < Digest
b. Basic < Form < Digest < Client-Cert
I selected a. based on the HFSJ page 648; but the answer says b.
Thanks
|
 |
Vijitha Kumara
Bartender
Joined: Mar 24, 2008
Posts: 3670
|
|
|
Please quote your sources (where did you get it?)
|
SCJP 5 | SCWCD 5
[How to ask questions] [Twitter]
|
 |
raja ram
Ranch Hand
Joined: Mar 02, 2008
Posts: 169
|
|
Hi, From the Enthuware mock exam. Any updates on this? Thanks
|
 |
Vijitha Kumara
Bartender
Joined: Mar 24, 2008
Posts: 3670
|
|
based on the HFSJ page 648
What does it say there? (I don't have the book right now.) But "Basic" is the weakest and Client-cert is the strongest among those auth methods. I think there are ways we can implement FORM based authentication in a secure manner (I haven't checked that by actually implementing it). So the given answer is correct, I think.
|
 |
raja ram
Ranch Hand
Joined: Mar 02, 2008
Posts: 169
|
|
It says:
Basic: Weak
Digest: Strongest
Client-Cert: Strong
Form: Weakest
|
 |
Vijitha Kumara
Bartender
Joined: Mar 24, 2008
Posts: 3670
|
|
|
Well, actually both FORM and BASIC have no encryption, hence it is hard to say which is more secure, except that FORM based allows us to use our own custom login pages (which has virtually nothing to do with security). DIGEST is neither guaranteed by the spec nor supported by some browsers. But CLIENT-CERT uses HTTPS, hence it is the strongest among these. You may look here for a brief explanation of all these.
|
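To make the comparison in the thread concrete, here is an added example (not part of any post above) that builds the credential message each of BASIC, FORM and DIGEST sends over plain HTTP and checks whether the password can be read back from it. The user, password, realm, nonce and URI are constructed sample values; `j_username` and `j_password` are the form-login field names from the servlet specification, and the Digest calculation follows RFC 2617 without `qop`.

```python
import base64
import hashlib
from urllib.parse import urlencode, parse_qs

# Constructed sample credentials and challenge values (not from the thread).
USER, PASSWORD, REALM = "alice", "s3cret", "example"
NONCE, METHOD, URI = "dcd98b7102dd2f0e", "GET", "/app/secure"

def basic_header(user, password):
    """BASIC: credentials are only base64-encoded, not encrypted."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"

def form_body(user, password):
    """FORM: j_username/j_password are posted to j_security_check as-is."""
    return urlencode({"j_username": user, "j_password": password})

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_header(user, password, realm, nonce, method, uri):
    """DIGEST (RFC 2617, no qop): only an MD5 response is sent."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    response = md5_hex(f"{ha1}:{nonce}:{ha2}")
    return (f'Authorization: Digest username="{user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{response}"')

def recover_password(wire_text):
    """Return the password readable from a message sent over plain HTTP."""
    if wire_text.startswith("Authorization: Basic "):
        decoded = base64.b64decode(wire_text.split()[-1]).decode()
        return decoded.split(":", 1)[1]
    if "j_password=" in wire_text:
        return parse_qs(wire_text)["j_password"][0]
    return None  # Digest: no password on the wire, only a hash

def summarize():
    messages = {
        "BASIC": basic_header(USER, PASSWORD),
        "FORM": form_body(USER, PASSWORD),
        "DIGEST": digest_header(USER, PASSWORD, REALM, NONCE, METHOD, URI),
    }
    return {name: recover_password(msg) for name, msg in messages.items()}

if __name__ == "__main__":
    for name, recovered in summarize().items():
        print(f"{name:7} password readable from the message: {recovered!r}")
```

DIGEST keeps the password itself off the wire but does not encrypt the rest of the exchange, so all three still need HTTPS for confidentiality.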
 |
 |
|
|