Advantages and Disadvantages of HTTP Authentication

by Giulio Delgado.


Authentication can be passed in the HTTP headers of incoming requests. This is the same type of authentication that is used when your browser creates a small login window when attempting to access a site. The authentication information is Base64-encoded, so it may look encrypted when transmitted over the wire, but in reality it is not. This encoding only ensures that all characters are valid to be passed in the header and is not intended to provide any level of security.

Advantages:

  • Easily handled — Because the authentication information is sent in the HTTP headers, it can be handled by some moderately complex routers or gateways. This will allow for hardware-level throttling of abusive clients, or routing based on specific users. On the application side, the authentication will actually be handled by your web server, not your application. Web servers are developed and tested with high performance in mind, so this will likely end up being faster than any attempt to handle authentication in the application itself.

  • Transparent — Because the web server is handling the authentication, you may choose to completely ignore what user is logged in, and concentrate solely on handling the request. This is obviously only applicable when requests are user-agnostic (every user receives the same response to the same query).

  • Easy to code — Adding an additional HTTP header is relatively easy in most programming languages. It is also pretty universally available even in shared hosting situations (which may prevent things like SSL requests or external libraries).

Disadvantages:

  • Authentication is sent in the clear — Base64 is a two-way (reversible) encoding. Anyone who intercepts the request can determine the username and password being used, but they don't even need to; they can just use an identical header themselves.

  • Username restriction — When using HTTP authentication, the colon (:) cannot be used in the username. A minor restriction, but one to keep in mind.

  • No encryption — All requests and responses are visible to anyone between the requesting server and the API server.

  • Slight barrier to use — Those unfamiliar with this method of authentication may shy away from attempting it.

This basic level of authentication is sufficient for many API applications. The presence of some basic authentication allows the API to either be client-aware or client-agnostic, depending on its specific needs, and also allows for throttling or denial to abusive clients. It would be a good idea with this type of authentication to provide some separation between the username and password combo used for the API and the site at large. This way, should the API's authentication information be compromised (by someone with access to the code, or by grabbing it off the wire), the valid user can use their regular information to change the API's credentials.

    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.