HTTP Authentication
HTTP Authentication is the built-in mechanism of the HTTP 1.x protocol for requiring a valid username and password to gain access to web resources. This mechanism can be initiated either by a CGI script or by the web server itself.
Modes of Authentication
There are currently two modes of authentication built into the HTTP 1.1 protocol:
Basic Authentication transmits the username-password pair in an unencrypted form from the browser to the server and as such should not be used for sensitive logins unless operating over an encrypted medium such as SSL.
Digest Authentication sends the server a one-way hash of the username-password pair calculated with a time-sensitive, server-supplied salt value. This was developed to provide a general-purpose, simple-to-implement access control mechanism that could be used over unencrypted channels. Users should note that it is not as secure as Kerberos or client-side private-key authentication mechanisms. It is also important to note that only the username-password pair is protected by the hashing mechanism and that, without the use of an encrypting medium such as SSL, all retrieved documents will still be visible to all parties with access to network traffic.