• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Authentication type

 
Ranch Hand
Posts: 219
Firefox Browser Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi ranchers,

This is taken from www.j2eecertificate.com

<web-app>
....
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/signin.jsp</form-login-page>
<form-error-page>/signin_error.jsp</form-error-page>
</form-login-config>
</login-config>
...
</web-app>

Given the following extract from a deployment descriptor, which of the following statements regarding authentication are true? [Check all correct answers]

1. The user interface used to capture the username and password can be customised with its own look-and-feel.
2. The username and password is encoded using the Base64 mechanism before being sent to the server.
3. This authentication method is supported by all browsers.
4. This authentication method is supported by all servlet containers that conform to the servlet specification.
5. When a protected resource is requested, the browser opens a dialog box prompting for a username and password.

The answer is: 1, 3, 4
(My answer was: 1, 2, 3, 4)

I understand that FORM auth type is similar to BASIC auth type in the way of sending the password. But I also know that BASIC auth will encode the password in Base64, so why the FORM doesnt encode?
Is the answer correct?
Thanks.
 
Ranch Hand
Posts: 85
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Using Form auth type, Username and password are sent back in the Request with no encryption
 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

Using BASIC authentication the username and password sent using base64 encoding, but when you use FORM base authentication they are sent in clear text.

Thanks
 
Rancher
Posts: 43027
76
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Note that base-64 is an encoding, not an encryption, so it is easily reversed. If you want the password to be transferred securely, use SSL.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic