
Question: What are the most commonly used
authentication methods for web applications?
Answer: The most common methods used for
authentication today are
basic, form-based, digest and certificate authentication.
With basic authentication, the username and password are taken from a login dialog.
The weak side of this method is that the username and password are transmitted
to the server using base64 encoding (that is, almost in plain text).
The form-based authentication method is the same as basic, but the server
uses a custom login page instead of displaying the standard login page.
The username and password are sent in the same way as in the method above.
In contrast, the digest authentication method doesn't pass the password over
the network at all. A series of numbers is generated (based on the password and
other information about the request), and these numbers are then hashed using
MD5 (Message Digest Algorithm). The hash value (digest) is sent over the network
along with other information that the server can use to verify the password.
This method is obviously more secure over the network.
Client certificate authentication uses SSL (Secure Sockets Layer) and client
certificates. SSL was developed by Netscape and has become the most popular
authentication method used on the Internet.
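
The difference between basic and digest authentication described above, as an added example that is not part of the original FAQ: the basic header decodes straight back to the password, while digest sends only an MD5 hash built from the password, a server nonce and the request. Function names are illustrative; the field layout assumes RFC 2617 with qop=auth, and the sample credentials are that RFC's test values.

```python
import base64
import hashlib
import hmac


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def basic_header(username: str, password: str) -> str:
    """Authorization header value sent by basic authentication."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_header(header: str) -> tuple[str, str]:
    """Base64 is an encoding, not encryption: the header yields the password."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode("utf-8")
    username, _, password = raw.partition(":")
    return username, password


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth"):
    """The 'response' field of digest authentication; only this hash is sent."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # depends on the password
    ha2 = md5_hex(f"{method}:{uri}")                 # depends on the request
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def server_verify(stored_ha1, method, uri, nonce, nc, cnonce, qop, response):
    """The server recomputes the hash from its stored HA1 and compares."""
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Sample values taken from the RFC 2617 example, not from a real system.
    user, realm, pw = "Mufasa", "testrealm@host.com", "Circle Of Life"
    nonce, nc, cnonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093", "00000001", "0a4f113b"
    hdr = basic_header(user, pw)
    print("basic :", hdr, "->", decode_basic_header(hdr))
    resp = digest_response(user, realm, pw, "GET", "/dir/index.html",
                           nonce, nc, cnonce)
    print("digest:", resp)
    print("server accepts:", server_verify(md5_hex(f"{user}:{realm}:{pw}"),
          "GET", "/dir/index.html", nonce, nc, cnonce, "auth", resp))
```

Because the nonce and request URI are hashed in, a captured digest response is only valid for that nonce and request, whereas a captured basic header can be decoded and reused anywhere.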