You are just validating the user name and password, am I correct?
Can you please elaborate , how does it satisfy below requirements (if possible , please give an example)
- Confidentiality
Integrity
Authorization
Moderators: Site Manager, fjwalraven
Correct.I thought "HTTP basic authentication" only ensures "Authentication" security requirement. You are just validating the user name and password, am I correct?
That is satisfied by the second part of the problem statement: "HTTP Basic Authentication is widely used over a HTTPS transport layer. "Can you please elaborate , how does it satisfy below requirements (if possible , please give an example)
Confidentiality
Integrity
Authorization
Code: Select all
<security-constraint>
<web-resource-collection>
<web-resource-name>Security WS</web-resource-name>
<url-pattern>/MathTableImplService</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>student</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
I just found out that the HTTP "Authorization" header has the username:password encoded in Base64.rkbansal83 wrote:I thought "HTTP basic authentication" only ensures "Authentication" security requirement.
You are just validating the user name and password, am I correct?
Can you please elaborate , how does it satisfy below requirements (if possible , please give an example)
- Confidentiality
Integrity
Authorization
The question states that Basic Authentication is used over an HTTPS connection and therefore eliminates the possibility of using mutual Authentication (i.e. HTTPS Client Authentication) which effectively means that in this scenario the non-repudiation requirement is not met.Fair enough in the context of the Author of the question there is no Third party to verify the client, but the fact remains in the question it does not state this
Users browsing this forum: No registered users and 70 guests