Basic Authentication
... Basic Authentication Scheme ...
... proxy server. See section 4 for
security considerations associated with Basic authentication.
...
... Digest authentication scheme described in this document suffers
from many known limitations. It is intended as a replacement for
Basic authentication and nothing more. It is a password-based system
and (on the server side ...
... scheme. Nevertheless it is better than nothing, better than what is
commonly used with telnet and ftp, and better than Basic
authentication.
...
...
The Basic authentication scheme is not a secure method of user
authentication, nor does it in any way protect the entity ...
... addition of enhancements (such as schemes to use one-time passwords)
to Basic authentication.
...
...
The most serious flaw in Basic authentication is that it results in
the essentially cleartext transmission of the user's password over
...
...
Because Basic authentication involves the cleartext transmission of
passwords it SHOULD NOT be used (without enhancements) to protect
...
...
A common use of Basic authentication is for identification purposes
-- requiring the user to provide a user name and password ...
...
Basic Authentication is also vulnerable to spoofing by counterfeit
servers. If a user can be led to believe that he is connecting to a
host containing information protected by Basic authentication when,
in fact, he is connecting to a hostile server or gateway, then the
...
... Comparison of Digest with Basic Authentication ...
...
Both Digest and Basic Authentication are very much on the weak end of
the security strength spectrum. But a comparison ...
... database whose use is
restricted to paying subscribers. With Basic authentication an
eavesdropper can obtain the password of the user. This not only
...
... client request and the server will only deliver that document. By
contrast under Basic Authentication once the eavesdropper has the
user's password, any document protected by that password ...
... MITM attack would be to remove all offered choices,
replacing them with a challenge that requests only Basic
authentication, then uses the cleartext credentials from the Basic
authentication to authenticate to the origin server using the
stronger scheme it requested. A particularly insidious way to mount
...
... client wanted. Of course, this is
still much harder than a comparable attack against Basic
Authentication.
...
...
Basic Authentication is vulnerable to spoofing by counterfeit
servers. If a user can be led to believe that she is connecting to a
...
... for a large range of purposes it is valuable as a replacement for
Basic Authentication. It remedies some, but not all, weaknesses of
Basic Authentication. Its strength may vary depending on the
implementation. In particular the structure of the nonce (which is
...
... relatively weak by cryptographic standards, but *any* compliant
implementation will be far superior to Basic Authentication.
...
