Easy! IT | WEB | Basic access authentication
This article is a rough explanation of Basic access authentication.
Everything might be not exactly correct in this article but it’s very useful for beginners to understand IT terms. If you want to learn IT but you don’t have any experience to work in the IT industry, I wish it helps you to understand IT. And I hope this article makes you study IT more.
Let’s start our 3 minutes lesson!
What is Basic access authentication?
- Basic access authentication is also called Basic authentication(BA).
- Basic access authentication is one of HTTP authentication.
- Basic access authentication is the simplest technique in authentication.
- Basic access authentication is not a secure method.
If you don’t know HTTP, I suggest you read the following articles before you read this article.
Easy! IT | WEB | World Wide Web | Japan Teams
Easy! IT | WEB | HyperText Transfer Protocol | Japan Teams
Easy! IT | WEB | HTTP Authentication | Japan Teams
1. Proceduers
I explain typical HTTP Basic authentication traffic between HTTP clients and HTTP servers.
1. Page request from clients(Server side)
A client asks the WEB server to give the page which the user wants to check. He doesn’t request the authentication page because he doesn’t know that he needs to log in at first.
2. The response code 401 (Server side)
The WEB server returns 401 code to tell the client what kind of information servers need.
3. Imput necessary information (Client side)
A client asks the user to input information, such as ID and Password. A user can cancel it at this moment. If a user input his ID and password, a client sends a request with that information added into the authentication header field.
4. Return the results(Server side)
If the authentication is successful, the server accepts the request. But if his ID or password is wrong, the server will return 401 again to reenter the ID and password.
2. Vulnerabilities
There are the following vulnerabilities, so you need more strong authentication systems if you provide the webservers.
- HTTP request smuggling
- HTTP response splitting
- HTTP header injection
Information source: Basic access authentication – Wikipedia
fin
|