Method of negotiating credentials between web server and browser
HTTP
Persistence
Compression
HTTPS
QUIC
Request methods
OPTIONS
GET
HEAD
POST
PUT
DELETE
TRACE
CONNECT
PATCH
Header fields
Cookie
ETag
Location
HTTP referer
DNT
X-Forwarded-For
Response status codes
301 Moved Permanently
302 Found
303 See Other
403 Forbidden
404 Not Found
451 Unavailable for Legal Reasons
Security access control methods
Basic access authentication
Digest access authentication
Security vulnerabilities
HTTP header injection
HTTP request smuggling
HTTP response splitting
HTTP parameter pollution
v
t
e
Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password, with a user's web browser. This can be used to confirm the identity of a user before sending sensitive information, such as online banking transaction history. It applies a hash function to the username and password before sending them over the network. In contrast, basic access authentication uses the easily reversible Base64 encoding instead of hashing, making it non-secure unless used in conjunction with TLS.
Technically, digest authentication is an application of MD5 cryptographic hashing with usage of nonce values to prevent replay attacks. It uses the HTTP protocol.
This standard is obsolete since July 2011.[1]
^Moving DIGEST-MD5 to Historic, July 2011.
and 26 Related for: Digest access authentication information
since July 2011. Digestaccessauthentication was originally specified by RFC 2069 (An Extension to HTTP: DigestAccessAuthentication). RFC 2069 specifies...
In the context of an HTTP transaction, basic accessauthentication is a method for an HTTP user agent (e.g. a web browser) to provide a user name and...
appropriate user group to access the resource. Authentication required: In some cases, the server requires authentication to access certain resources. If...
HTTP/1.1. HTTP provides multiple authentication schemes such as basic accessauthentication and digestaccessauthentication which operate via a challenge–response...
may log in using any authentication mechanism supported by the server. It is mainly used by submission servers, where authentication is mandatory. SMTP...
of a 404 error appearing on a web page was in 1993, when a user tried to access a page about the Mosaic web browser on the NCSA website. The page had been...
mechanism for digestaccessauthentication. AKA is a challenge–response based mechanism that uses symmetric cryptography. AKA – Authentication and Key Agreement...
DigestDigest size magazine format Digest (Roman law), also known as Pandects, a digest of Roman law Digest, a MIME Multipart Subtype Digestaccess authentication...
or HTTP over SSL. The principal motivations for HTTPS are authentication of the accessed website and protection of the privacy and integrity of the exchanged...
Basic accessauthentication and Digestaccessauthentication. 401 semantically means "unauthorised", the user does not have valid authentication credentials...
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA)...
passphrase to get access and collect as much of the loot as he could carry. Denial-of-service attack Digestaccessauthentication Man-in-the-middle attack...
HTTP protocol includes the basic accessauthentication and the digestaccessauthentication protocols, which allow access to a web page only when the user...
Simple Authentication and Security Layer (SASL) is a framework for authentication and data security in Internet protocols. It decouples authentication mechanisms...
advantage of existing technologies such as Transport Layer Security, digestaccessauthentication or XML to satisfy those requirements. Many modern operating systems...
authorization can take place via HTTP's Digestaccessauthentication mechanism, GSSAPI, or any other HTTP authentication methods. Encryption is provided using...
both web frontends and backends. API key Access token Basic accessauthenticationDigestaccessauthentication Claims-based identity HTTP header Concise...
information in order to popularize the spammer's website. It is possible to access the referrer information on the client side using document.referrer in JavaScript...
providing simple HTTP web servers. It uses basic accessauthentication and digestaccessauthentication for different kinds of servers that it can create...