HTTP+HTML Form-based Authentication - Security Considerations

Security Considerations

  • The user credentials are conveyed in the clear to the web site, unless steps such as employment of Transport Layer Security (TLS) are taken.
  • The technique is essentially ad-hoc in that effectively none of the interactions between the user agent and the web server, other than HTTP and HTML themselves, are standardized. The actual authentication mechanism employed by the website is, by default, unknown to the user and the user agent. The form itself, including the number of editable fields, and desired content thereof, are entirely implementation- and deployment-dependent.
  • This technique is inherently phishable, or vulnerable to criminals masquerading as a trusted party in the authentication process.

Read more about this topic:  HTTP+HTML Form-based Authentication

Famous quotes containing the word security:

    Happiness is peace after strife, the overcoming of difficulties, the feeling of security and well-being. The only really happy folk are married women and single men.
    —H.L. (Henry Lewis)