Preface. The Basic authentication described in the previous article is convenient and flexible, but extremely unsafe. The user name and password are transmitted in clear text, and no action is taken to prevent tampering with the message. The
No authentication method
After a correct client request is sent to the server, the HTTP server returns the 200 status code and directly returns the content.
Message example:
Request:
GET http://10.127.194.3:8061/voiceobjects .....
Return
Digest access authentication https://en.wikipedia.org/wiki/Digest_access_authentication
Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password, with a user '
HTTP authentication .... BASIC: In the context of an HTTP transaction, Basic access authentication is a method for a web browser or other client program to provide a user name and password when making a request. [1] Before transmission, the user name
"Digest" authentication is a simple authentication mechanism, originally developed for the HTTP protocol, and is often called HTTP digest, described in RFC2671. Its authentication mechanism is simple; it uses hash (hash)
A. Basic authentication. After the client joins the user name and password with ":", the result is Base64-encoded and sent to the server in the Authorization request header, and it has to be sent again with each request. The Basic
In the previous article, we mainly discussed the HTTP Basic authentication method. Because of the way HTTP Basic authentication works, it has a large security problem, so next we look at another way to verify: Digest authentication, that
Digest authentication: an alternative to Basic authentication proposed by HTTP/1.1
The server issues a challenge with a nonce, and the client uses information such as the user name, password, nonce, HTTP method and request URI as the basis
This article is reposted from: http://www.cnblogs.com/lanxiaoke/p/6357501.html Digest authentication: a brief introduction. Digest authentication is an improvement on Basic authentication, that is, it uses a digest instead of the account password,