This table summarizes key attributes of the four authentication types. “Spec” refers to whether this type of authentication mechanism is defined in the HTTP spec or the J2EE spec. (Hint: you’ll need to remember this table when you take the exam.)
Type | Spec | Data Integrity | Comments |
---|---|---|---|
BASIC | HTTP | Base64 - weak | HTTP standard, all browsers support it |
DIGEST | HTTP | Stronger - but not SSL | Optional for HTTP and J2EE containers |
FORM | J2EE | Very weak, no encryption | Allows a custom login screen |
CLIENT-CERT | J2EE | Strong - public key (PKC) | Strong, but users must have certificates |
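
To make the BASIC and DIGEST rows concrete, here is an added example (not from the book) that builds what each scheme puts on the wire: BASIC sends a value anyone can decode without a key, while DIGEST (RFC 2617, shown without `qop`) sends an MD5 response bound to the server's nonce. The class name, user, password, realm, URI and nonces are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class AuthWireDemo {
    // BASIC: the Authorization header value is just Base64("user:password").
    static String basicHeader(String user, String password) {
        String pair = user + ":" + password;
        return "Basic " + Base64.getEncoder()
                .encodeToString(pair.getBytes(StandardCharsets.UTF_8));
    }

    // Base64 is an encoding, not encryption: no key is needed to reverse it.
    static String decodeBasic(String header) {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        return new String(raw, StandardCharsets.UTF_8);
    }

    static String md5Hex(String s) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        StringBuilder hex = new StringBuilder();
        for (byte b : md.digest(s.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // DIGEST: response = MD5(HA1:nonce:HA2). The password itself never crosses
    // the wire, but the rest of the request is still unencrypted (not SSL).
    static String digestResponse(String user, String realm, String password,
                                 String method, String uri, String nonce) throws Exception {
        String ha1 = md5Hex(user + ":" + realm + ":" + password);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials, for illustration only.
        String header = basicHeader("annie", "s3cret");
        System.out.println("BASIC header : " + header);
        System.out.println("Decoded      : " + decodeBasic(header));
        // Same credentials, different server nonce: the response changes each time.
        System.out.println("DIGEST resp 1: " + digestResponse("annie", "store", "s3cret", "GET", "/cart", "nonce-1"));
        System.out.println("DIGEST resp 2: " + digestResponse("annie", "store", "s3cret", "GET", "/cart", "nonce-2"));
    }
}
```

Running it shows the BASIC header decoding straight back to `annie:s3cret`, which is why BASIC (and FORM) logins should be paired with a transport guarantee such as SSL.
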
There are no Dumb Questions
Sharpen your pencil
Fill in the missing pieces for this FORM-based authentication app. This is just to help you memorize the authentication-related pieces of the DD and the HTML form. (The answers are on the previous page.)
DD ________________________________________________________
HTML ______________________________________________________