ch12: Basic Authentication

12. Basic Authentication

1. Authentication

Authentication means showing some proof of your identity.

1.1 HTTP's Challenge/Response Authentication Framework

1.2 Authentication Protocols and Headers

HTTP defines two official authentication protocols: basic authentication and digest authentication.

Four phases of authentication:

Phase            Headers
Request          (none)
Challenge        401 WWW-Authenticate
Authentication   Authorization
Success          Authentication-Info

Basic authentication example:

1.3 Security Realms

Web servers group protected documents into security realms.

Each security realm can have different sets of authorized users.

2. Basic Authentication

Basic authentication is the most prevalent HTTP authentication protocol.

Just username and password.

2.1 Basic Authentication Example

Figure 12.2 shows a detailed example of basic authentication.

Basic authentication headers:

Challenge/Response              Header syntax
Challenge (server to client)    WWW-Authenticate: Basic realm=quoted-realm
Response (client to server)     Authorization: Basic base64-username-and-password

2.2 Base-64 Username/Password Encoding

HTTP basic authentication packs the username and password together (separated by a colon), and encodes them using the base-64 encoding method.

2.3 Proxy Authentication

Proxy servers can be a convenient way to provide unified access control across an organization's resources.

The first step in this process is to establish the identity via proxy authentication.

Web server versus proxy authentication:

Web server                       Proxy server
Unauthorized status code: 401    Unauthorized status code: 407
WWW-Authenticate                 Proxy-Authenticate
Authorization                    Proxy-Authorization
Authentication-Info              Proxy-Authentication-Info
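The following Python is an added illustration of sections 2.1 to 2.3 and is not code from the book or from these notes. It builds and parses the Basic credential (section 2.2, splitting on the first colon so a password containing ":" survives), emits the challenge header (section 2.1), and runs the four-phase flow either as a web server (401 / WWW-Authenticate / Authorization) or as a proxy (407 / Proxy-Authenticate / Proxy-Authorization, section 2.3). The user store and the realm name are constructed for the example; "Aladdin" / "open sesame" is the credential used in RFC 7617.

```python
import base64
import hmac

# Constructed credential store for this example only; a real server keeps
# salted password hashes, never plaintext. "Aladdin" / "open sesame" is the
# RFC 7617 example credential.
USERS = {"Aladdin": "open sesame"}
REALM = "Private Area"  # constructed realm name


def build_authorization_header(username, password):
    """Client side: join user and password with ':' and base-64 encode the result."""
    if ":" in username:
        raise ValueError("a Basic user-id must not contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_authorization_header(header):
    """Server or proxy side: reverse the encoding.

    Splits on the FIRST colon only, so a password that itself contains ':'
    survives. Returns (username, password), or None if the value is malformed.
    """
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def build_challenge(realm):
    """Value of WWW-Authenticate / Proxy-Authenticate sent with the challenge."""
    if '"' in realm or "\\" in realm:
        raise ValueError("realm is a quoted-string; avoid quotes and backslashes")
    return f'Basic realm="{realm}"'


def handle_request(request_headers, proxy=False):
    """Server-side view of the four phases for one request.

    Returns (status, response_headers). proxy=True switches to the
    407 / Proxy-Authenticate / Proxy-Authorization family from the table above;
    the logic is otherwise identical.
    """
    unauth_status = 407 if proxy else 401
    challenge_header = "Proxy-Authenticate" if proxy else "WWW-Authenticate"
    credential_header = "Proxy-Authorization" if proxy else "Authorization"
    challenge = {challenge_header: build_challenge(REALM)}

    creds = parse_authorization_header(request_headers.get(credential_header, ""))
    if creds is None:
        return unauth_status, challenge  # phase 2: no usable credential, challenge
    username, password = creds
    expected = USERS.get(username)
    # compare_digest keeps the comparison time independent of where a mismatch occurs
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return unauth_status, challenge  # wrong credential: challenge again
    return 200, {}  # phase 4: success; Basic needs no further header here


def simulate_exchange(username, password, proxy=False):
    """Client-side view: first request, challenge, retry with credentials, final status."""
    first_status, challenge = handle_request({}, proxy=proxy)
    credential_header = "Proxy-Authorization" if proxy else "Authorization"
    retry = {credential_header: build_authorization_header(username, password)}
    retry_status, _ = handle_request(retry, proxy=proxy)
    return first_status, challenge, retry_status


if __name__ == "__main__":
    print(build_authorization_header("Aladdin", "open sesame"))
    print(simulate_exchange("Aladdin", "open sesame"))
    print(simulate_exchange("Aladdin", "open sesame", proxy=True))
```

Running the script prints the encoded credential and the two exchanges; the only difference between the web-server and proxy runs is the status code and header names, which is exactly what the table above says.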

3. The Security Flaws of Basic Authentication

Basic authentication is simple and convenient, but it is not secure.

3.1 Username and password can be decoded

Given a base-64-encoded username and password, decoding is trivial: simply reverse the encoding process.

3.2 Replay attacks

No effort is made to prevent these replay attacks.

3.3 Social behavior makes it dangerous

Even if basic authentication is used for noncritical applications, social behavior makes this dangerous.

Many users use the same password among many web sites.

3.4 Middlemen

Basic authentication offers no protection against proxies or intermediaries that act as middlemen.

3.5 Vulnerable to spoofing by counterfeit servers

If a user can be led to believe that he is connecting to a valid host protected by basic authentication when, in fact, he is connecting to a hostile server or gateway, the attacker can request a password, store it for later use, and feign an error.
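From the defender's side, the flaws in 3.1 to 3.5 all come down to where a Basic credential is allowed to travel, which an egress proxy or access log can audit. The following Python is an added example, not code from the book or from these notes. It runs over a constructed sample of outbound requests (scheme, host, Authorization header) and flags three conditions: a Basic credential sent without TLS, where any middleman can decode it (3.1, 3.4); a credential sent to a host outside the known set of protected origins, the symptom of a counterfeit server (3.5); and the same username and password used against several hosts (3.3). The host names and the list of known origins are assumptions for the example, and only a hash of each decoded credential is kept.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample of outbound requests as an egress proxy might record them
# (scheme, host, Authorization header value). Not real traffic.
SAMPLE_REQUESTS = [
    ("https", "intranet.example", "Basic YWxpY2U6czNjcjN0"),    # alice:s3cr3t over TLS
    ("http",  "intranet.example", "Basic YWxpY2U6czNjcjN0"),    # same credential, cleartext
    ("https", "files.example",    "Basic YWxpY2U6czNjcjN0"),    # same password on a second site
    ("https", "intranet-example.test", "Basic Ym9iOmh1bnRlcjI="),  # look-alike host, bob:hunter2
    ("https", "files.example",    "Bearer opaque-token"),       # not Basic, ignored by the audit
]

# Assumed list of origins that legitimately challenge for Basic credentials.
KNOWN_BASIC_ORIGINS = {"intranet.example", "files.example"}


def basic_fingerprint(header):
    """Return (username, sha256 of the decoded credential) for a Basic header, else None.

    The audit keeps only the hash, so it can correlate reuse without storing passwords.
    """
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, _ = decoded.partition(":")
    if not sep:
        return None
    return username, hashlib.sha256(decoded.encode("utf-8")).hexdigest()


def audit_basic_auth(requests, known_origins):
    """Return a list of (finding, host(s), username) tuples for the given requests."""
    findings = []
    hosts_per_credential = defaultdict(set)
    for scheme, host, auth in requests:
        fp = basic_fingerprint(auth)
        if fp is None:
            continue
        username, digest = fp
        if scheme != "https":
            # 3.1 / 3.4: anyone on the path can base-64 decode this
            findings.append(("cleartext", host, username))
        if host not in known_origins:
            # 3.5: credential handed to a host that should never have asked for it
            findings.append(("unknown-host", host, username))
        hosts_per_credential[(username, digest)].add(host)
    for (username, _), hosts in hosts_per_credential.items():
        if len(hosts) > 1:
            # 3.3: one compromised site exposes the same password everywhere else
            findings.append(("reused-on-multiple-hosts", ",".join(sorted(hosts)), username))
    return findings


if __name__ == "__main__":
    for finding in audit_basic_auth(SAMPLE_REQUESTS, KNOWN_BASIC_ORIGINS):
        print(*finding)
```

The replay problem (3.2) is not something an audit can catch, since a valid Basic header is identical on every request; the practical answer is the one the book's next chapter covers, moving to a scheme with nonces, or at minimum confining Basic to TLS so the header is never observable in transit.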