0

I am going to create an application which will have a regular web interface where a user can sign up and access some resources.

I am reading up on different means of authentication: Basic authentication, Digest authentication, OpenID, OAuth, OAuth2...

What I want to know is, if I implement Basic or Digest authentication, is it secure? Because in many sites that I visited, the talk was about OAuth and how secure it is. OpenID was also mentioned in some of the sites I visited...

The current usage scenario for which I am looking at end user authentication is for a web interface in a web app. Another usage scenario is for a JAX-RS based web service. Which means of authentication is secure for these 2 usage scenarios? Ideally I want to use the same means of auth in both scenarios...

4

1 Answer

2

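For the user-facing part, web browsers support Basic and Digest out of the box. Form-based or OpenID authentication will also work if you use cookies to establish a session. If you use Basic, be sure to use SSL, because the password will be passed in an unencrypted message header.

OAuth is designed to authorize third-party clients so that they can access resources owned by a user without knowing the user's password, and without necessarily having the same level of access as the user. I would recommend it for a programmatic API.

Answered 2012-06-24T19:12:04.680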