Some traditional and common authentication methods

(The following content is summarized from external resources.)

Authentication methods

1. Basic:

The authentication scheme of HTTP/1.0 (RFC 1945, later specified in RFC 2617 and RFC 7617). When a resource requires authentication, the server answers 401 with a WWW-Authenticate: Basic realm="..." header. The browser pops up a login dialog, joins the username and password as user:password, Base64-encodes that string and sends it in the Authorization header of every following request (Authorization: Basic <base64>). The server decodes the header, checks the credentials and only then serves the resource. Base64 is an encoding, not encryption: anyone who can read the traffic recovers the password, so Basic is only acceptable over TLS.
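As an added example (not part of the original post), a Python sketch of both sides of the Basic exchange: the client builds the Authorization header, the server decodes and checks it. The user table and the credentials are constructed for illustration; a real server would store salted password hashes rather than plaintext.

```python
import base64
import hmac

# Constructed credential store for the example (not from the original post).
# A real deployment stores salted password hashes, never plaintext.
USERS = {"alice": "s3cret:with:colons"}


def build_basic_header(username: str, password: str) -> str:
    """Client side: the header a browser sends after the 401 / WWW-Authenticate prompt."""
    if ":" in username:
        # RFC 7617: the user-id must not contain a colon, because the colon
        # is the only separator between user and password in the decoded string.
        raise ValueError("user-id must not contain a colon")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(header: str):
    """Server side: decode an Authorization header.

    Returns (user, password) or None for anything that is not well-formed Basic.
    """
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    # Split on the FIRST colon only: the password itself may contain colons.
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def authenticate_basic(header: str) -> bool:
    """Server side: True only if the header decodes to a known user with the right password."""
    creds = parse_basic_header(header)
    if creds is None:
        return False
    user, password = creds
    expected = USERS.get(user)
    if expected is None:
        return False
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    hdr = build_basic_header("alice", "s3cret:with:colons")
    print(hdr)                        # the Base64 token is trivially decodable by anyone on the wire
    print(parse_basic_header(hdr))    # ('alice', 's3cret:with:colons')
    print(authenticate_basic(hdr))    # True
```

Decoding the token in the demo shows the point made above: Base64 hides nothing, so the header is only as confidential as the transport carrying it.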

2. Digest:

Digest (RFC 2617, later RFC 7616) was introduced to fix the main weakness of Basic: a challenge-response exchange replaces sending the password, although the browser still pops up the same login dialog. The server challenges with a random nonce. The client combines the username, realm, password, HTTP request method and URL of the requested resource (together with the nonce and, in qop=auth mode, a request counter and a client nonce), hashes them with MD5 and sends only the resulting digest. The server, which knows the password (or the stored MD5 of user:realm:password), repeats the same calculation over the same fields and compares the two digests; if they match, the authentication passes.

Authenticating the communicating parties with a hash in this way is very common: no message containing the password has to be transmitted. Each side only needs to append its password to a random value supplied by the other side, compute the hash and send that hash; the peer verifies it by recomputing the same value. This avoids cleartext transmission of passwords on the network.

Disadvantages: Digest protects the password, not the conversation. An attacker who intercepts the traffic still sees the requested resource itself, a captured Authorization header can be replayed if the server does not track the nonces it issued, and because the response is an MD5 over values the attacker can also see (nonce, method, URI) plus the password, a captured digest can be attacked offline with a password dictionary.
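Added example, not from the original post: a Python model of the Digest challenge-response described in the three paragraphs above, with the client-side digest computation, the server-side recomputation, and the nonce bookkeeping that stops a captured header from being replayed. The realm, user table and passwords are constructed for the example; real servers usually store MD5(user:realm:password) instead of the plaintext password.

```python
import hashlib
import hmac
import re
import secrets


def _md5_hex(data: str) -> str:
    return hashlib.md5(data.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest, algorithm MD5, qop=auth:
         HA1      = MD5(username:realm:password)
         HA2      = MD5(method:uri)
         response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
    Only this hash crosses the network; the password never does."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def parse_digest_header(header: str):
    """Parse 'Digest k="v", k2=v2, ...' into a dict; None if this is not a Digest header."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    fields = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', rest):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def client_authorization(username, password, challenge, method, uri, nc="00000001"):
    """Client side: answer the server's WWW-Authenticate challenge with an Authorization header."""
    cnonce = secrets.token_hex(8)
    response = digest_response(username, password, challenge["realm"], method, uri,
                               challenge["nonce"], nc, cnonce, challenge["qop"])
    fields = {"username": username, "realm": challenge["realm"], "nonce": challenge["nonce"],
              "uri": uri, "qop": challenge["qop"], "nc": nc, "cnonce": cnonce, "response": response}
    # nc and qop are normally sent unquoted; quoting everything keeps the toy parser above simple.
    return "Digest " + ", ".join(f'{k}="{v}"' for k, v in fields.items())


class DigestServer:
    def __init__(self, realm, users):
        self.realm = realm
        self.users = users      # constructed user -> password table (example only)
        self.issued = set()     # nonces handed out in challenges; anything else is rejected
        self.seen = set()       # (nonce, nc) pairs already accepted: a second use is a replay

    def challenge(self):
        """Contents of the WWW-Authenticate: Digest header sent with a 401."""
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return {"realm": self.realm, "qop": "auth", "algorithm": "MD5", "nonce": nonce}

    def verify(self, method, authorization_header):
        """Recompute the digest from the stored password and compare it with the client's."""
        p = parse_digest_header(authorization_header)
        if p is None:
            return False
        required = {"username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response"}
        if not required.issubset(p):
            return False
        if p["realm"] != self.realm or p["nonce"] not in self.issued:
            return False
        if (p["nonce"], p["nc"]) in self.seen:
            return False  # replay of a captured Authorization header
        password = self.users.get(p["username"])
        if password is None:
            return False
        expected = digest_response(p["username"], password, self.realm, method, p["uri"],
                                   p["nonce"], p["nc"], p["cnonce"], p["qop"])
        if not hmac.compare_digest(expected, p["response"]):
            return False
        self.seen.add((p["nonce"], p["nc"]))
        return True


if __name__ == "__main__":
    srv = DigestServer("example.test", {"alice": "pa55"})
    ch = srv.challenge()
    hdr = client_authorization("alice", "pa55", ch, "GET", "/private")
    print(hdr)
    print(srv.verify("GET", hdr))   # True: fresh digest over the issued nonce
    print(srv.verify("GET", hdr))   # False: same nonce and nc seen before, treated as a replay
```

The replay check is what the "Disadvantages" paragraph is about: without the `seen` set, anyone who intercepted `hdr` could present it again and be accepted, even though they never learned the password. Binding the method into HA2 is why the same header is also useless for a POST to the same URI.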

3. X.509:

A very general and widely used certificate format (ITU-T X.509, profiled for the Internet in RFC 5280). Every X.509 certificate contains at least a version number, the certificate holder's public key and a certificate serial number.

The serial number is assigned by the issuing CA and is unique among the certificates that CA issues. When a certificate is revoked it is effectively placed on a blacklist, the Certificate Revocation List (CRL) published by the CA, which identifies revoked certificates by their serial numbers; this is the main reason the serial number must be unique. An X.509 certificate also contains the issuer and subject names, the validity period, the signature algorithm identifier and the CA's signature over the certificate body (and, from version 3, extensions such as key usage and subject alternative names). The format is in widespread use today, most visibly in TLS.

4. LDAP:

The Lightweight Directory Access Protocol. It addresses the problem of having many accounts and passwords to initialise and manage: every time the company adds an internal service, the administrator would otherwise have to create new account information for a large number of employees. Instead, a single directory on an LDAP server holds all user information and provides a unified authentication mechanism for all software. Existing applications are reconfigured so that every authentication request is checked against LDAP, or their account data is moved into the LDAP server outright. When end users use the company's internal services they are authenticated against the LDAP server (technically by an LDAP bind with the user's distinguished name and password), and each employee only needs to maintain their own entry through the web application the administrator provides. This setup is typical of large companies.

5. Form-based authentication: the application itself presents an HTML login form and verifies the submitted credentials. No further explanation is needed here.