Hi all,
I have some doubts about the Web security chapter mock questions (Page 664).
1. Question 6: Which security mechanism can be implemented by using HttpServletRequest?
Book Answer: A. Authorization and C. Authentication
I am not able to understand how authentication can be implemented programmatically by calling getRemoteUser. The API says: Returns the remote user if authenticated.
That means authentication is implemented through the DD, before we call these methods. If so, the answer is just Authorization. Please help me understand what is correct.
2. Question 9: Which authentication mechanism is recommended if only cookies or SSL Session tracking is in place?
Book Answer: Form based (reason: Form based login session tracking can be difficult to implement, therefore a separate session tracking mechanism is recommended)
Why can HTTP BASIC not be used? Is SSL session tracking different from HTTPSession tracking? Is HttpSessionTracking enough for FORM authorization?
Please help ASAP. I will be writing the test in a few days.
Thanks
Sharika