Details

    • Type: Language-Specification
    • Status: Active
    • Resolution: Unresolved
    • Labels:
      None
    • Impact:
      Unknown 'null' severity
    • Likelihood:
      Unknown 'null' severity

      Description

      Basic authentication's only means of obfuscation is Base64 encoding. Since Base64 encoding is easily recognized and reversed, it offers only the thinnest veil of protection to your users, and should not be used.

      Noncompliant Code Example

      <!-- in web.xml -->
      <web-app  ...>
        <!--  ...  -->
        <login-config>
          <auth-method>BASIC</auth-method>
        </login-config>
      </web-app>
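
An added example, not part of the original rule description or the project's code: a Python check that flags `<auth-method>BASIC</auth-method>` in a deployment descriptor, together with a decoder showing that a Basic `Authorization` header value is reversed without any key. The function names, the sample descriptors and the sample header are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the page).
SAMPLE_BASIC = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <login-config>
    <auth-method> BASIC </auth-method>
  </login-config>
</web-app>"""
SAMPLE_FORM = SAMPLE_BASIC.replace(" BASIC ", "FORM")
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:example-password").decode("ascii")


def _local(tag):
    """Drop the namespace part: '{ns}auth-method' -> 'auth-method'."""
    return tag.rsplit("}", 1)[-1]


def find_basic_auth(web_xml_text):
    """True if a <login-config> in the descriptor sets <auth-method> to BASIC.

    Assumes the descriptor comes from your own source tree; use a hardened
    XML parser for files from untrusted sources.
    """
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        if _local(elem.tag) != "login-config":
            continue
        for child in elem:
            # Whitespace around the value is tolerated.
            if _local(child.tag) == "auth-method" and (child.text or "").strip() == "BASIC":
                return True
    return False


def decode_basic_header(value):
    """Recover (user, password) from an 'Authorization' header value; no key is needed."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token.strip()).decode("utf-8").partition(":")
    return user, password


if __name__ == "__main__":
    print(find_basic_auth(SAMPLE_BASIC), find_basic_auth(SAMPLE_FORM))
    print(decode_basic_header(SAMPLE_HEADER))
```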
      

            People

            • Assignee:
              Unassigned
              Reporter:
              alexandre.gigleux Alexandre Gigleux