https://en.wikipedia.org/wiki/Basic_access_authentication must be used with HTTPS, otherwise the password is passed in clear text (no digest). It is popup-based (unlike form-based authentication).
"To unauthenticated requests, the server should return a response whose header contains a HTTP 401 Unauthorized status and a WWW-Authenticate field."
https://en.wikipedia.org/wiki/Form-based_authentication
https://en.wikipedia.org/wiki/HTTP%2BHTML_form-based_authentication same as "form-based authentication"
https://en.wikipedia.org/wiki/Digest_access_authentication uses a hash function + nonce (HA1 = MD5(username:realm:password)) so that username:password is sent as a hash rather than in the clear, making it more secure than basic authentication
Something completely NUTS: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields "Authorization Authentication credentials for HTTP authentication. Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" They want to AUTHENTICATE but they use an "Authorization" header... how confusing...
Tuesday, May 8, 2018