The comment Simon made about encryption applies to any method of logging into a web site that doesn't run over SSL. That said, it would probably be easier to write a client-side exploit to intercept the user name and password when basic authentication is used, because it is sent in a predictable way.

To me, the bigger concern is that not many sites use basic authentication anymore, so using a form to log in will provide a better user experience.

Matt

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Simon Coulter
Sent: Sunday, November 08, 2009 3:47 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] PHP - authenticate and authorize using AS400 profile


On 09/11/2009, at 7:27 AM, Kelly Cookson wrote:

Thanks for the clarifications. I will look into Basic Authentication
using Zend Core for i5 when I have a chance.

Be aware that Basic Authentication does not encrypt the UID/PWD; it
merely encodes it. Anyone who can intercept an encoded data stream can
recover the UID/PWD.
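
The point made in both messages, as an added example that is not part of the original thread: the Basic Authentication header is only Base64 text, and a form login sent without SSL is just as readable. The request dictionary layout, the form field names `username` and `password`, and the sample credentials are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import parse_qs

def decode_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid Base64, or not text
    user, sep, password = text.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None

def exposed_logins(requests):
    """List (kind, user) for every credential that travelled without TLS."""
    findings = []
    for req in requests:
        if req["scheme"] == "https":
            continue  # TLS protects header and body in transit
        creds = decode_basic(req["headers"].get("Authorization", ""))
        if creds:
            findings.append(("basic", creds[0]))
        form = parse_qs(req.get("body", ""))
        if "password" in form:
            findings.append(("form", form.get("username", ["?"])[0]))
    return findings

# Constructed sample traffic; profile names and passwords are made up.
TOKEN = base64.b64encode(b"WEBUSER1:s3cret:pw").decode()
SAMPLE = [
    {"scheme": "http", "headers": {"Authorization": "Basic " + TOKEN}},
    {"scheme": "http", "headers": {}, "body": "username=WEBUSER2&password=hunter2"},
    {"scheme": "https", "headers": {"Authorization": "Basic " + TOKEN}},
]

if __name__ == "__main__":
    print(decode_basic("Basic " + TOKEN))  # no key is needed to reverse the encoding
    print(exposed_logins(SAMPLE))
```

Only the HTTPS request is left out of the findings; the header and the form body are equally recoverable over plain HTTP.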


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.
