RFC 2617: HTTP Authentication: Basic and Digest Ac...
HTTP Authentication: Basic and Digest Access Authentication
1. Access Authentication
1.1. Reliance on the HTTP/1.1 Specification
1.2. Access Authentication Framework
2. Basic Authentication Scheme
3. Digest Access Authentication Scheme
3.1. Introduction
3.1.1. Purpose
3.1.2. Overall Operation
3.1.3. Representation of digest values
3.1.4. Limitations
3.2. Specification of Digest Headers
3.2.1. The WWW-Authenticate Response Header
3.2.2. The Authorization Request Header
3.2.2.1. Request-Digest
3.2.2.2. A1
3.2.2.3. A2
3.2.2.4. Directive values and quoted-string
3.2.2.5. Various considerations
3.2.3. The Authentication-Info Header
3.3. Digest Operation
3.4. Security Protocol Negotiation
3.5. Example
3.6. Proxy-Authentication and Proxy-Authorization
4. Security Considerations
4.1. Authentication of Clients using Basic Authentication
4.2. Authentication of Clients using Digest Authentication
4.3. Limited Use Nonce Values
4.4. Comparison of Digest with Basic Authentication
4.5. Replay Attacks
4.6. Weakness Created by Multiple Authentication Schemes
4.7. Online dictionary attacks
4.8. Man in the Middle
4.9. Chosen plaintext attacks
4.10. Precomputed dictionary attacks
4.11. Batch brute force attacks
4.12. Spoofing by Counterfeit Servers
4.13. Storing passwords
4.14. Summary
5. Sample implementation
6. Acknowledgments
7. References
8. Authors' Addresses
9. Full Copyright Statement
10. Acknowledgement