m plain text -> plaintext link
Expanded base-64 explanation, removed bogus header from final response in example
Line 1:
In the context of an [[HTTP]] transaction, the '''basic authentication scheme''' is a method designed to allow a [[web browser]], or other client program, to provide credentials – in the form of a [[user name]] and [[password]] – when making a request. Although the scheme is easily implemented, it relies on the assumption that the connection between the client and server computers is secure and can be trusted. Specifically, the credentials are passed as [[plaintext]] and could be intercepted easily. The scheme also provides no protection for the information passed back from the server.
To prevent the user name and password being read directly by a person, they are encoded as a sequence of [[Base64|base-64]] characters before transmission. For example, the user name <tt>"Aladdin"</tt> and password <tt>"open sesame"</tt> would be combined as <tt>"Aladdin:open sesame"</tt> – which is equivalent to <tt>QWxhZGRpbjpvcGVuIHNlc2FtZQ==</tt> when encoded in base-64. Little effort is required to translate the encoded string back into the user name and password.
One advantage of the basic authentication scheme is that it is supported by
The basic authentication scheme was originally defined by RFC 1945 although further information regarding security issues may be found in RFC 2068 and RFC 2617.
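Review bot: in the second paragraph, the phrase "To prevent the user name and password being read directly by a person" reads as if base-64 were a protective measure, which conflicts with the first paragraph's statement that the credentials are passed as plaintext. Suggest saying outright that base-64 is a reversible encoding and gives no confidentiality, so the scheme is only as safe as the connection it runs over. The closing sentence should also make clear which RFC readers are meant to treat as the reference: it says the scheme was originally defined by RFC 1945 but points to RFC 2068 and RFC 2617 for security issues without saying how those documents relate to the first.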
Line 63:
Server: SokEvo/1.0
Date: Sat, 27 Nov 2004 10:19:07 GMT
Content-Type: text/html
Content-Length: 10476