HTTP Basic - username and password are sent in plain text along with the request; exposed to every kind of attack
HTTP Digest - password is hashed with MD5; subject to man-in-the-middle attacks
WSSE - username and password encryption; prevents man-in-the-middle attacks and needs no web server cookies, but it requires the server and client to know some form of the password (either the server holds the clear-text password, or the client has the hashed version of the password)
X.509 - public and private key
OAuth2 - requires a client ID and a client secret key
HTTP Basic via HTTPS - everything is encrypted
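
To illustrate the WSSE entry above, here is an added example (not code from the original post) of the UsernameToken digest, Base64(SHA-1(nonce + created + password)), with a client that builds the token and a server that checks it. The names `make_token` and `Verifier`, the 5-minute freshness window and the in-memory nonce cache are assumptions made for the illustration.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"

def password_digest(nonce: bytes, created: str, secret: str) -> str:
    # WSSE UsernameToken: Base64(SHA-1(nonce + created + secret))
    raw = hashlib.sha1(nonce + created.encode() + secret.encode()).digest()
    return base64.b64encode(raw).decode()

def make_token(username, secret, now=None):
    # Client side: only a one-time digest of the secret is sent.
    now = now or datetime.now(timezone.utc)
    nonce = os.urandom(16)
    created = now.strftime(FMT)
    return {"Username": username,
            "PasswordDigest": password_digest(nonce, created, secret),
            "Nonce": base64.b64encode(nonce).decode(),
            "Created": created}

class Verifier:
    # Server side (hypothetical helper): must hold the same secret as the
    # client, either the clear-text password or the same hash of it.
    def __init__(self, secrets, max_age=timedelta(minutes=5)):
        self.secrets = secrets      # username -> shared secret
        self.max_age = max_age      # assumed freshness window
        self.seen = set()           # accepted nonces (in-memory replay cache)

    def verify(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        try:
            user = token["Username"]
            created = datetime.strptime(token["Created"], FMT)
            created = created.replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(token["Nonce"], validate=True)
            sent = token["PasswordDigest"]
        except (KeyError, ValueError):
            return False            # malformed token
        secret = self.secrets.get(user)
        if secret is None or abs(now - created) > self.max_age:
            return False            # unknown user or stale timestamp
        expected = password_digest(nonce, token["Created"], secret)
        if not hmac.compare_digest(expected, sent):
            return False            # wrong secret
        if (user, nonce) in self.seen:
            return False            # replayed token
        self.seen.add((user, nonce))
        return True
```

The server cannot verify the digest from a salted one-way hash that the client does not also have, which is why both sides must share some form of the password.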