Abstract
HTTP Basic Authentication and Digest Authentication are two authentication schemes used for protecting resources on the Web. Both rely on username and password credentials. When you try to log in to a web site and the browser presents a dialog box asking for your username and password, the site is most probably protected with HTTP basic or digest authentication. Asking the browser to challenge the user to authenticate is one of the quick and dirty ways of protecting a web site. Few, if any, web sites on the Internet today use HTTP basic or digest authentication for interactive login; instead, they use form-based authentication or their own custom authentication schemes. Some, however, still use HTTP basic/digest authentication to secure direct API-level access to resources on the Web.
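The abstract contrasts the two schemes without showing what actually goes over the wire. The following Python script is an added example, not code from the chapter or from the author: it builds a Basic `Authorization` header and shows that it is merely base64 (the password is recoverable by anyone who sees it), then implements the RFC 2617 Digest exchange with `qop=auth` on both the client side (computing the `response` from the server's `WWW-Authenticate` challenge) and the server side (verifying against a stored `HA1` instead of a plaintext password, and rejecting nonces it never issued). The challenge, credentials and expected values are the worked example from RFC 2617 section 3.5; the in-memory `issued_nonces` set and `ha1_store` dictionary are assumptions standing in for real server state.

```python
import base64
import hashlib
import hmac
import re
import secrets

# Parameter list of a WWW-Authenticate / Authorization header:
# key="quoted value" or key=token, comma separated.
_PARAM_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')


def md5_hex(data: str) -> str:
    # RFC 2617 Digest is defined over MD5; it is used here because the scheme
    # specifies it, not because MD5 is a suitable hash for new designs.
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def parse_auth_header(header: str):
    """Split 'Scheme k=v, k="v", ...' into (scheme, {k: v})."""
    scheme, _, params = header.partition(" ")
    fields = {k: (quoted if quoted else token)
              for k, quoted, token in _PARAM_RE.findall(params)}
    return scheme, fields


def basic_authorization(username: str, password: str) -> str:
    """Basic sends base64(username:password) on every request."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def basic_decode(header: str):
    """Base64 is an encoding, not encryption: the header yields the password directly."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pwd = base64.b64decode(token).decode("utf-8").partition(":")
    return user, pwd


def compute_ha1(username: str, realm: str, password: str) -> str:
    # HA1 is what a Digest server needs to store; the plaintext password is not required.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_authorization(username, password, method, uri, challenge, nc="00000001", cnonce=None):
    """Client side: answer a parsed WWW-Authenticate challenge (dict of fields)."""
    realm, nonce = challenge["realm"], challenge["nonce"]
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(compute_ha1(username, realm, password), method, uri, nonce, nc, cnonce)
    parts = [f'username="{username}"', f'realm="{realm}"', f'nonce="{nonce}"',
             f'uri="{uri}"', "qop=auth", f"nc={nc}", f'cnonce="{cnonce}"',
             f'response="{resp}"']
    if "opaque" in challenge:  # echoed back unchanged when the server sent one
        parts.append(f'opaque="{challenge["opaque"]}"')
    return "Digest " + ", ".join(parts)


def verify_digest(authorization, method, issued_nonces, ha1_store) -> bool:
    """Server side: recompute the response from stored HA1 and compare in constant time."""
    scheme, f = parse_auth_header(authorization)
    if scheme != "Digest" or f.get("qop") != "auth":
        return False
    if f.get("nonce") not in issued_nonces:  # stale or forged nonce: refuse, do not compute
        return False
    ha1 = ha1_store.get((f.get("username"), f.get("realm")))
    if ha1 is None:
        return False
    try:
        expected = digest_response(ha1, method, f["uri"], f["nonce"], f["nc"], f["cnonce"])
    except KeyError:
        return False
    return hmac.compare_digest(expected, f.get("response", ""))


if __name__ == "__main__":
    print(basic_decode(basic_authorization("Aladdin", "open sesame")))
    challenge = ('Digest realm="testrealm@host.com", qop="auth,auth-int", '
                 'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
                 'opaque="5ccc069c403ebaf9f0171e9517f40e41"')
    _, fields = parse_auth_header(challenge)
    hdr = digest_authorization("Mufasa", "Circle Of Life", "GET", "/dir/index.html", fields)
    store = {("Mufasa", "testrealm@host.com"): compute_ha1("Mufasa", "testrealm@host.com", "Circle Of Life")}
    print(hdr)
    print(verify_digest(hdr, "GET", {fields["nonce"]}, store))
```

The server never sees the password in the Digest case, only a response bound to its own nonce, the method and the URI; the cost is that the server must persist `HA1` (an unsalted MD5 of `username:realm:password`) and track the nonces it has issued, which is why the verifier above checks `issued_nonces` before doing any hashing.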
Notes
1. Hypertext Transfer Protocol—HTTP/1.0, www.rfc-base.org/txt/rfc-1945.txt
2. Hypertext Transfer Protocol—HTTP/1.1, www.ietf.org/rfc/rfc2616.txt
3. HTTP Authentication: Basic and Digest Access Authentication, www.ietf.org/rfc/rfc2617.txt
4. GitHub REST API, http://developer.github.com/v3/
5. An Extension to HTTP: Digest Access Authentication, www.ietf.org/rfc/rfc2069.txt
6. The 401 HTTP status code is returned in the HTTP response when the request is not authenticated to access the corresponding resource. All HTTP/1.1 status codes are defined here: www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
7. A chosen plaintext attack is an attack model in which the attacker has access to both the encrypted text and the corresponding plaintext. The attacker can specify his own plaintext and get it encrypted or signed by the server. He can further craft the plaintext carefully to learn characteristics of the encryption/signing algorithm: for example, he can start with an empty text, then a text with one letter, then two letters, and so on, and obtain the corresponding encrypted/signed text each time. This kind of analysis of encrypted/signed text is known as cryptanalysis.
8. The Apache Directory Studio user guide for setting up and getting started is available at http://directory.apache.org/studio/users-guide/apache_directory_studio/
© 2020 Prabath Siriwardena
About this chapter
Cite this chapter: Siriwardena, P. (2020). Basic/Digest Authentication. In: Advanced API Security. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-2050-4_21
DOI: https://doi.org/10.1007/978-1-4842-2050-4_21
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-2049-8
Online ISBN: 978-1-4842-2050-4