This is the 7th day of my participation in the Gwen Challenge.

What is authentication?

The computer needs to check certain information to confirm that the person logging in is who they claim to be.

The following information is usually checked:

  • Password
  • Dynamic token: a one-time password
  • Digital certificate: information held on the client device
  • Biometric authentication: fingerprint, iris, etc.
  • IC card

HTTP authentication is generally performed in the following ways:

  • BASIC authentication
  • DIGEST authentication
  • SSL client authentication
  • FormBase authentication (form-based authentication)

BASIC authentication

BASIC authentication encodes the username and password with BASE64, but BASE64 is an encoding, not an encryption method, so anyone who intercepts the request can recover the credentials directly. In addition, common browsers perform BASIC authentication only once and offer no way to log out of it.

This authentication method is not commonly used because it is neither flexible nor secure.

DIGEST authentication

To compensate for BASIC’s shortcomings in transmitting passwords in plaintext, DIGEST authentication has been available since HTTP/1.1. It also uses a challenge/response approach.

It is mainly divided into three steps:

  • The client sends an authentication request
  • The server returns a challenge code
  • The client computes a response code from the challenge code and sends it to the server

DIGEST offers a higher level of security than BASIC, but its security is still weak and it provides no protection against user masquerading.
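To make the difference between the two schemes concrete, here is an added example (not code from the original post) that builds and decodes a BASIC `Authorization` header, then performs the DIGEST challenge/response exchange from the three steps above: the server issues a nonce, the client derives the response per RFC 2617 (`qop=auth`), and the server verifies it from a stored HA1 hash. All usernames, realms, passwords and nonce values are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets


def basic_header(username: str, password: str) -> str:
    """Build the BASIC scheme header: BASE64 of 'user:password'."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_decode(header: str) -> tuple:
    """Recover the plaintext credentials from a BASIC header.

    This is exactly what an eavesdropper does: BASE64 is reversible,
    so the password is effectively transmitted in the clear."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). A server can store HA1 instead of
    the password; it is what the scheme actually authenticates with."""
    return _md5(f"{username}:{realm}:{password}")


def new_nonce() -> str:
    """Step 2: the server's challenge code (constructed fresh per challenge)."""
    return secrets.token_hex(16)


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Step 3: client computes response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_verify(stored_ha1: str, method: str, uri: str, nonce: str,
                  nc: str, cnonce: str, qop: str, response: str) -> bool:
    """Server side: recompute the response from the stored HA1 and compare
    in constant time. The password itself never travels over the wire."""
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce, qop)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed credentials for the demonstration.
    hdr = basic_header("alice", "s3cret")
    print("BASIC header:", hdr)
    print("Eavesdropper recovers:", basic_decode(hdr))

    realm = "example-realm"                      # constructed realm
    ha1 = digest_ha1("alice", realm, "s3cret")   # what the server stores
    nonce = new_nonce()                          # server challenge
    resp = digest_response(ha1, "GET", "/dir/index.html", nonce, "00000001", "0a4f113b")
    print("DIGEST response:", resp)
    print("Server accepts:", digest_verify(ha1, "GET", "/dir/index.html",
                                           nonce, "00000001", "0a4f113b", "auth", resp))
```

Note that the nonce only prevents straightforward replay of a captured response; the scheme still rests on MD5 and a shared secret, which is why the post rates it as only marginally stronger than BASIC.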

SSL client authentication

If authentication relies on an account password, a third party can impersonate the user as soon as that password leaks. SSL client authentication uses a certificate instead, so this problem does not arise.

Two-factor authentication

That is, the user's identity is verified through more than one means.

For example, an SSL client certificate verifies the client computer, while the username and password determine whether it is really the user himself operating that computer.

Form-based authentication

Cookies are typically used to manage sessions.

Because HTTP itself is stateless, the server cannot tell a returning user apart from any other user on the next visit, so cookies are used to manage that state.
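The cookie-based session management described above, as an added example that is not part of the original post: after a form login succeeds, the server issues a random session ID in a `Set-Cookie` header, keeps the mapping from ID to user and expiry on its side, and on later requests resolves the `Cookie` header back to the user. The cookie name `sid`, the session store and the sample users are all constructed for the example.

```python
import secrets
import time

SESSION_TTL = 30 * 60          # constructed lifetime: 30 minutes
COOKIE_NAME = "sid"            # constructed cookie name

# Server-side session store: session id -> (username, expiry timestamp).
# The cookie carries only the opaque id; the state lives here.
_sessions = {}


def login(username: str, now: float = None) -> str:
    """Called after the form credentials have been checked.
    Returns the Set-Cookie header value for the new session."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)          # unguessable, 256 bits of entropy
    _sessions[sid] = (username, now + SESSION_TTL)
    # HttpOnly keeps scripts away from the id, Secure restricts it to HTTPS,
    # SameSite limits cross-site sending.
    return f"{COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def parse_cookie_header(header: str) -> dict:
    """Parse 'a=1; b=2' from a request's Cookie header into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def current_user(cookie_header: str, now: float = None):
    """Resolve the request's cookie to a logged-in user, or None."""
    now = time.time() if now is None else now
    sid = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    entry = _sessions.get(sid)
    if entry is None:
        return None
    username, expires = entry
    if now >= expires:
        _sessions.pop(sid, None)             # expired: drop it server-side
        return None
    return username


def logout(cookie_header: str) -> None:
    """Invalidate the session so the cookie value stops working."""
    sid = parse_cookie_header(cookie_header).get(COOKIE_NAME)
    _sessions.pop(sid, None)


if __name__ == "__main__":
    set_cookie = login("alice")
    print("Set-Cookie:", set_cookie)
    cookie = set_cookie.split(";")[0]        # what the browser sends back
    print("Next request resolves to:", current_user(cookie))
    logout(cookie)
    print("After logout:", current_user(cookie))
```

Because the session ID is the only thing tying a request to a user, its entropy and the cookie attributes matter as much as the password check that preceded it.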