Basic Authentication
Basic authentication requires users to enter a user name and password to access the server. It is the default setting. You must create and store a list of users and groups in an LDAP database, such as the Sun Java System Directory Server, or in a file. You must use a directory server installed on a different server root than your Proxy Server, or a directory server installed on a remote computer.
When users attempt to access a resource that has User-Group authentication, users are prompted to enter a user name and password. The server receives this information encrypted or unencrypted, depending on whether encryption is turned on for your server (SSL is enabled).
Note –
Using Basic authentication without SSL encryption sends the user name and password in unencrypted text across the network. The network packets could be intercepted, and the user name and password could be pirated. Basic authentication is most effective when combined with SSL encryption, Host-IP authentication, or both. Using Digest authentication eliminates this problem.
After authenticating, the user then sees:
-
The resource requested (if successfully authenticated)
-
A message denying access if the user name or password is invalid
You can customize the message received by unauthorized users. For more information, see Responding When Access is Denied.
- © 2010, Oracle Corporation and/or its affiliates