Form-based authentication
Despite there being a basic authentication, most users will be familiar with a different form as the default user-facing approach. Form-based authentication is pretty self-explanatory as to what the user will see. The authentication challenge to the client is issued as a form, usually requiring a username or e-mail address and at a minimum, a password or passphrase. In most cases, there is no validation and authentication of the server--form-based authentication supposes that the server is a trusted device. This is a considerable weakness that attackers will tend to exploit.
The variables provided by the user, when submitted, are actually carried out-of-band as they relate to the HTTP requests themselves, carried ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access