Advantages and Disadvantages of HTTP Authentication

written by: Giulio Delgado; article published: year 2006, month 07;



In: Categories » Internet » Web design and development » Advantages and Disadvantages of HTTP Authentication

Authentication can be passed in the HTTP headers of incoming requests. This is the same type of authentication that is used when your browser creates a small login window when attempting to access a site. The authentication information is Base 64-encoded, so it does look like it is encrypted when transmitted over the wire, but in reality it is not. This encoding only ensures that all characters are valid to be passed in the header and is not intended to provide any level of security.

Advantages:

  • Easily handled — Because the authentication information is sent in the HTTP headers, it can be handled by some moderately complex routers or gateways. This will allow for hardware-level throttling of abusive clients, or routing based on specific users. On the application side, the authentication will actually be handled by your web server, not your application. Web servers are developed and tested with high performance in mind, so this will likely end up being faster than any attempt to handle authentication in the application itself.

  • Transparent — Because the web server is handling the authentication, you may choose to completely ignore what user is logged in, and concentrate solely on handling the request. This is obviously only applicable when requests are user-agnostic (every user receives the same response to the same query).

  • Easy to code — Adding an additional HTTP header is relatively easy in most programming languages. It is also pretty universally available even in shared hosting situations (which may prevent things like SSL requests or external libraries).

Disadvantages:

  • Authentication is sent in the clear — Base 64 is a two-way algorithm. Anyone who intercepts the request can determine the username and password being used, but they don't even need to; they can just use an identical header themselves.

  • Username restriction — When using HTTP authentication, the colon (:) cannot be used in the username. A minor restriction, but one to keep in mind.

  • No encryption — All requests and responses are visible to anyone between the requesting server and the API server.

  • Slight barrier to use — Those unfamiliar with this method of authentication may shy away from attempting it.

This basic level of authentication is sufficient for many API applications. The presence of some basic authentication allows the API to either be client-aware or client-agnostic, depending on its specific needs, and also allows for throttling or denial to abusive clients. It would be a good idea with this type of authentication to provide some separation between the username and password combo used for the API and the site at large. This way, should the API's authentication information be compromised (by someone with access to the code, or by grabbing it off the wire), the valid user can use their regular information to change the API's credentials.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. Building Shopping Cart Applications
The heart of any Web store is the software that it runs on. However, up until relatively recently, software solutions for e-commerce were largely do-it-yourself affairs, consisting of a number of disparate tools lashed together to fulfill the major tasks of an online store. This situation is changing rapidly. Every day sees the launch of a new software product, each of which claims to be a complete shopping cart. However, close investigation reveals a huge difference in the features that these products offer and the price...

2. The Essential Ingredients Of A Magnetic Website
Yes, believe it or not, there is actually a recipe for creating a website that is magnetic. A website that attracts targeted people far and wide like a super-powerful yet pinpoint-accurate magnet! If you apply each of these ingredients, but badly, you will have failed. If you address a quarter of them with gusto, accuracy and efficiency you will be well on the way to having a magnetic website whose profile just grows and grows. Your Shopping List For Baking A Magnetic Website • Great ...

3. Advantages and Disadvantages of Message Based Authentication
Client credentials can also be passed along with the regular message payload. This is marginally easier to implement on the client side because adding credentials should be no more difficult than adding another parameter to the request. Remember that even if a secure (SSL) endpoint is used, the URL used for the request is still sent in the clear, so if the credentials are passed on the URL (as is the case with a REST request), they will be visible to any and all intermediaries. Advantages: Easily handled &m...

4. 7 Things You Should Not Use in Web Design to Get a Quality Web Site
If you have any of these on your website or you have built websites for other people that include some of these ‘No-No’s’ then don’t feel too bad. We all make mistakes and it’s only my opinion right? 1. Flash In The Pan Pan being a slang term for toilet – as that’s where it belongs. Okay, maybe not all use of Flash but certainly Flash introduction pages. What a nightmare they are – ever visited a site where you positively revelled in the fact you got to...

5. How To Quickly And Easily Protect Your Adsense Account From Accidental Clicks
Not a day goes by without somebody complaining that they’ve been shutdown by Adsense because of “click fraud”. Scary isn’t it? Your kids or family members accidentally “stumble” on your website as they’re browsing the net (using the home computer)… and proceed to click on YOUR ads. You accidentally click on your ads yourself while you’re “checking” your site in your browser. Now, I’m sure that some people have accidentally ...

6. What Should I Do For a Successful Business Website
There are just four cornerstone foundations you need to perfect to make your website a success. These foundations need to be central to your way of thinking about your website from now on. Whenever you make a single change to your website, whenever you have an idea about your website, whenever you think about your website in any way you need to think about the four cornerstone foundations – so here they are… Volumes The volume of people you attract to your website is crucial to your websit...

7. The 7 Deadly Sins Of Web Design
Sin 1 - Starfield backgrounds You know the sort – zillions of tiny white pixels glinting back at you from behind the text. Beautiful. Not! In a galaxy far, far away, in a time long, long ago people thought this was cool. It’s not. It sucks and people who use it should be shot. Sin 2 - Anything that moves. Okay, that’s maybe a little bit harsh – let me zero in on something more specific - animated cursors. I know 12 year-old kids that think they’re crap. Wise up an...

8. General advantages and disadvantages of HTML vs XML and XHTML
There are three markup languages. These include Hypertext Markup Language (HTML), Extensible Markup Language (XML), and the combination of the two, Extensible Hypertext Markup Language, (XHTML). HTML HTML is the primary format used on the World Wide Web. HTML can display Web pages with a wide range of colors, shapes, and objects. Although not a true programming language, HTML has increased in power over the years. HTML is actually a loosely defined subset of XML. However, whereas XML is a strict languag...

9. Wireless Markup languages ~ Overview ~ WAP WML WMLScript
The most common standard of data transfer and presentation for a handheld device involves the combination of Wireless Application Protocol (WAP) with Wireless Markup Language (WML). Although WAP can be used with other forms of presentation, its coders primarily designed it to be used with WML. WAP Because of the small size of PCS devices, and because they operate with much less bandwidth or speed, than the rest of the Internet, a special protocol was necessary to redefine how they handle data transmission. This protoc...

10. How To Configure Apache or IIS Web Server to Work with WML ~ Openwave SDK
It could be a useful exercise for you to create your own WML program and test it on a live Web server. This requires the following two items: Access to a Web server (IIS or Apache both work well) A development tool to test the programming For the development tool, we recommend that you download and use the latest version of Openwave's SDK, which is freely available to developers at http://www.openwave.com. Once you install this program, you simply need to specify where the files ...