...
Authentication Method | Advantages | Disadvantages |
|---|
Basic | - Can be non-interactive.
- Client prompt built into browsers.
- Widely supported.
- Can be paired with SSL to protect password.
| - Password is encoded but not encrypted.
|
Digest | - Can be non-interactive.
- Client prompt built into browsers.
- Password is not sent as cleartext.
| - Less widely supported than Basic.
|
Request Parameter | - Can be non-interactive.
- Very easy to use.
- Relies only on HTTP specification so it is widely supported.
| - Password is sent as cleartext and can be (and probably is) logged by web servers.
|
Form | - Relies only on HTTP specification so it is widely supported.
- Allows cosmetic customization.
- Can be paired with SSL to protect password.
| - Requires most work by developerscreation of login page.
|
Of these, only Basic, Digest, and Request Parameter are suggested for use when authenticating from third-party applications. This is because these methods can be used in a non-interactive manner.
...