什么是“境界"?在基本认证中 [英] What is the "realm" in basic authentication

问题描述

我正在 php 站点上设置基本身份验证，并在php 手册显示设置.标题中的领域"是什么意思?

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header?

header('WWW-Authenticate: Basic realm="My Realm"');

是被请求的页面吗?

推荐答案

来自RFC 1945 (HTTP/1.0) 和 RFC 2617(参考 HTTP 身份验证通过 HTTP/1.1)

所有的都需要领域属性(不区分大小写)发出质询的身份验证方案.境界值(区分大小写)，结合规范的根 URL正在访问的服务器，定义保护空间.这些境界允许将服务器上的受保护资源划分为一组保护空间，每个都有自己的认证方案和/或授权数据库.领域值是一个字符串，一般由源服务器分配，可能有额外的语义特定于身份验证方案.

The realm attribute (case-insensitive) is required for all authentication schemes which issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme.

简而言之，同一领域中的页面应该共享凭据.如果您的凭据适用于具有我的领域" 领域的页面，则应假定相同的用户名和密码组合适用于具有相同领域的另一个页面.

In short, pages in the same realm should share credentials. If your credentials work for a page with the realm "My Realm", it should be assumed that the same username and password combination should work for another page with the same realm.

这篇关于什么是“境界"?在基本认证中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！