Authentication Options for the World Wide Web

In almost every web application, a user will have to log in with a username and password before they are able to access any of the pages. Implementing such a requirement can be done through two different methods; basic authentication and digest authentication. Each type of authentication has its own advantages and disadvantages. The method of authentication will be chosen based on security requirements, ease of use, and the methods overall effectiveness.

Basic Authentication

Basic authentication is supported by almost every HTTP server web browsers and daemons. This makes it the more widely used method of authentication. In order to use basic authentication, you will have to configure your HTTP daemon so that it understands which documents will require authentication. The method of doing this will vary with the different types of HTTP servers.  Unfortunately, basic authentication is not very secure. This is because the basic method of authentication will send your username and password over your network in clear text. This means that you will be vulnerable to any packet sniffers. If you have a well designed HTTP server, some of these problems can be reduced.

Digest Authentication

Digest authentication has originally added to HTTP standards to allow users to be authenticated without having to send passwords in clear text over the network. Essentially, the digest authentication method is an upgraded and fixed version of basic authentication. The reason most users do not use digest authentication is that it has taken a long time for every browser to support it, so it has taken longer to catch on. A wide array of compatibility issues has also caused the delays in the method of authentication. One of the main issues with digest Web Authentication is a decrease in flexibility. The flexibility that is affected by digest authentication includes the methods of storing your password. The server that you use will have to be able to generate methods of protecting your username, authentication realm name, and the password. This means that your server will have to either be able to access the plain text password, or the checksum will need to be stored in a database. If the passwords are encrypted by another encryption method, you will not be able to use digest authentication out of a database. One area where digest authentication is inferior to basic authentication in terms of security. Those who are unauthorized to access a password database with basic authentication will not get much information. Since only encrypted passwords are stored in the basic authentication database, there is a lower risk of being able to get authenticated.

Authentication is important to the overall security of your computer and the files that you store there. You can choose between basic authentication or digest authentication. In order to properly choose an authentication method, you will have to make sure that you understand the requirements that your system will have to meet. While basic is less secure that digest, it is more developed and easier to use. However, depending on the type of files to be authenticated, you may want to invest the extra time it will take to implement digest authentication.

Speak Your Mind

*