HTTP Digest Authentication versus SSL


Problem description

What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view?

Recommended answer

There is a Wikipedia article on the topic; you should read it!

To put it bluntly: HTTP Digest Auth will only protect you from losing your cleartext password to an attacker (and considering the state of MD5 security, maybe not even that).

It is however wide open to Man-in-the-Middle attacks and also -- depending on the implementation, since most of the advanced features are optional -- replay, dictionary and other forms of attacks.

However, the biggest difference between an HTTPS connection and an HTTP connection protected by Digest Auth is that with the former everything is encrypted with Public Key Encryption, while with the latter content is sent in the clear.

As for the performance: from the above mentioned points it should be quite clear that you get what you pay for (with CPU cycles).

For "flexibility" I'll go with: huh?
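
The following is an added example, not part of the original answer: it computes the Digest `response` value as defined in RFC 2617 and shows a server-side check in which replay rejection only works when `qop` and the nonce count are enforced. The `DigestVerifier` class and its `require_qop` switch are hypothetical names; the sample credentials are the worked example from RFC 2617 section 3.5.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user: str, realm: str, password: str) -> str:
    # What a server can store instead of the cleartext password.
    return md5_hex(f"{user}:{realm}:{password}")

def response(ha1_hex, method, uri, nonce, qop=None, nc=None, cnonce=None):
    # HA2 covers only method and URI: with qop=auth (or no qop) the request
    # and response bodies are neither hashed nor encrypted.
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:  # legacy RFC 2069 form: no nonce count, no client nonce
        return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:
    """Hypothetical server-side check; nonce issuance and expiry are omitted."""

    def __init__(self, ha1_by_user, require_qop):
        self.ha1_by_user = ha1_by_user
        self.require_qop = require_qop
        self.last_nc = {}  # nonce -> highest nonce count accepted so far

    def verify(self, method, hdr):
        qop = hdr.get("qop")
        stored = self.ha1_by_user.get(hdr["username"])
        if (stored is None or qop not in (None, "auth")
                or (self.require_qop and qop is None)):
            return False
        expected = response(stored, method, hdr["uri"], hdr["nonce"],
                            qop, hdr.get("nc"), hdr.get("cnonce"))
        if not hmac.compare_digest(expected, hdr["response"]):
            return False
        if qop == "auth":  # replay check is only possible when nc is present
            count = int(hdr["nc"], 16)
            if count <= self.last_nc.get(hdr["nonce"], 0):
                return False
            self.last_nc[hdr["nonce"]] = count
        return True

# Values from the worked example in RFC 2617 section 3.5.
RFC_HA1 = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
RFC_HDR = {"username": "Mufasa", "uri": "/dir/index.html", "qop": "auth",
           "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
           "nc": "00000001", "cnonce": "0a4f113b",
           "response": "6629fae49393a05397450978507c4ef1"}
```

With `require_qop=True` the same header is accepted once and rejected on a second submission; with `require_qop=False` a legacy header without `nc` verifies every time it is presented.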
