dotfreelancer dotfreelancer - 1 month ago 15
HTTP Question

What is the difference between Digest and Basic Authentication?

What is the difference between Digest and Basic Authentication ?

Answer

Digest Authentication communicates credentials in an encrypted form by applying a hash function to the the username, the password, a server supplied nonce value, the HTTP method, and the requested URI.

Whereas Basic Authentication uses unencrypted base64 encoding.

Therefore Basic Authentication should generally only be used where transport layer security is provided such as https.

See RFC-2617 for all the gory details.

Comments