<p>From a security perspective, both the <strong>form based</strong> and <strong><a href="http://en.wikipedia.org/wiki/Basic_access_authentication" rel="nofollow noreferrer">HTTP Basic Access Authentication</a></strong> use plain text for sending the authentication data. (Sure, HTTP Basic Auth additionally uses Base64, but that’s no hitch.)</p>
<p>While HTTP Basic Auth sends the authentication data on every request, the form based authentication only sends the authentication data when the form is sent (remember: both in plain text). Commonly sessions are used to maintain the state when using form based authentication.</p>
<p>So if you want to use one of these, be sure to encrypt your connection using HTTPS to prevent sniffing and <a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack" rel="nofollow noreferrer">man-in-the-middle attacks</a>. And when you choose the form and session based variant, be sure to secure your session handling too to prevent or at least detect session frauds like <a href="http://en.wikipedia.org/wiki/Session_hijacking" rel="nofollow noreferrer">Session Hijacking</a> and <a href="http://en.wikipedia.org/wiki/Session_fixation" rel="nofollow noreferrer">Session Fixation</a>.</p>
<p>The last variant is <strong><a href="http://en.wikipedia.org/wiki/Digest_access_authentication" rel="nofollow noreferrer">HTTP Digest Access Authentication</a></strong>. The main difference between this and Basic is that Digest is a <a href="http://en.wikipedia.org/wiki/Challenge-response_authentication" rel="nofollow noreferrer">challenge-response authentication</a>, where the client has to fulfill a challenge on every request and the response is just an MD5 hash. So no authentication data in plain text is being sent.</p>
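<p>The contrast the answer draws, shown as an added example that is not part of the original answer: what a Basic <code>Authorization</code> header contains once the Base64 is undone, and how an RFC 2617 Digest response (the <code>qop</code>-less form) is computed on the client and checked on the server from a stored HA1 rather than a plaintext password. The user name, password, realm, nonce and URI below are constructed sample values.</p>

```python
import base64
import hashlib
import secrets

# Constructed sample values (hypothetical, not from the original answer).
USERNAME = "alice"
PASSWORD = "s3cret"
REALM = "demo-realm"


def basic_authorization_header(username: str, password: str) -> str:
    """Build the value of an HTTP Basic 'Authorization' header."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_basic_credentials(header: str):
    """What anyone reading the plain-HTTP request sees: Base64 is an
    encoding, not encryption, so the credentials come straight back out."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_ha1(username: str, realm: str, password: str) -> str:
    """HA1 = MD5(username:realm:password). This is all the server needs
    to keep; the plaintext password itself never has to be stored."""
    return _md5hex(f"{username}:{realm}:{password}")


def digest_response(username: str, realm: str, password: str,
                    method: str, uri: str, nonce: str) -> str:
    """Client side of RFC 2617 Digest without qop:
    response = MD5(HA1 : nonce : HA2), HA2 = MD5(method:uri).
    The nonce is the server's challenge; only this hash goes on the wire."""
    ha1 = digest_ha1(username, realm, password)
    ha2 = _md5hex(f"{method}:{uri}")
    return _md5hex(f"{ha1}:{nonce}:{ha2}")


def digest_verify(stored_ha1: str, method: str, uri: str,
                  nonce: str, response: str) -> bool:
    """Server side: recompute the expected response from the stored HA1 and
    the nonce it issued, and compare in constant time."""
    ha2 = _md5hex(f"{method}:{uri}")
    expected = _md5hex(f"{stored_ha1}:{nonce}:{ha2}")
    return secrets.compare_digest(expected, response)


def demo() -> dict:
    """Run both schemes over the constructed values and report what an
    observer of the unencrypted request would learn from each."""
    basic = basic_authorization_header(USERNAME, PASSWORD)
    recovered = recover_basic_credentials(basic)

    nonce = secrets.token_hex(16)          # server-issued challenge
    resp = digest_response(USERNAME, REALM, PASSWORD, "GET", "/dir/index.html", nonce)
    ha1 = digest_ha1(USERNAME, REALM, PASSWORD)
    ok = digest_verify(ha1, "GET", "/dir/index.html", nonce, resp)
    # Replaying the captured response against a fresh challenge must fail.
    replay_ok = digest_verify(ha1, "GET", "/dir/index.html", secrets.token_hex(16), resp)

    return {
        "basic_header": basic,
        "basic_password_visible": recovered[1] == PASSWORD,
        "digest_response": resp,
        "digest_password_visible": PASSWORD in resp,
        "digest_verified": ok,
        "digest_replay_verified": replay_ok,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

<p>The Digest exchange hides the password from a passive reader and ties each response to a server nonce, which is the property the answer describes. It still relies on MD5 and on the server knowing HA1, so it is a weaker substitute for, not a replacement of, running the whole exchange over HTTPS.</p>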