The origins of the Internet date back nearly 40 years, with the U.S. military's funding of a research network dubbed Arpanet in 1969. Since then, the Internet has undergone more than just a name change. The number of computers connected to the Internet has grown exponentially, while the number of users has risen from a handful of computer scientists to 1.5 billion consumers. The network's reach has expanded beyond the United States to every corner of the globe. But its popularity has a dark side, as it has evolved from a friendly research network to a hotbed of criminal activity including fraud and identity theft.
Internet usage has exploded since 1995, when researchers first started tracking this statistic. Although estimates vary from the Internet having 1 billion to 1.5 billion users, everyone agrees that the 'Net has room for growth as the worldwide population tops 6 billion. That leaves more than 4 billion people around the world without Internet access today.
Internet becomes a global phenomenon.The Internet has changed from a U.S.-dominated communications medium to one that is seeing its fastest growth in Asia and Europe.Now everybody is using internet in every second,and can't live without internet.
Web authorization
Authentication is the process of verifying the identity or authenticity of a person or an entity. Let's go back to the time that the world was not yet introduced to computers and the internet. If a customer of a bank had to withdraw some money from the branch, how would it take place? The teller at the branch would ask the customer for a proof to confirm that he/she is the valid customer. The customer would then sign on a piece of paper, which would be compared with the signature provided by the customer at the time of opening the account. With the advent of computers, the signature was replaced by the password. The user would set a password value during registration and then provide it each time to access the account.
Authentication is the process of verifying the identity or authenticity of a person or an entity. Let's go back to the time that the world was not yet introduced to computers and the internet. If a customer of a bank had to withdraw some money from the branch, how would it take place? The teller at the branch would ask the customer for a proof to confirm that he/she is the valid customer. The customer would then sign on a piece of paper, which would be compared with the signature provided by the customer at the time of opening the account. With the advent of computers, the signature was replaced by the password. The user would set a password value during registration and then provide it each time to access the account.
However, as the internet has been evolving, authentication schemes have also been evolving. Let's take a look at some of the authentication schemes starting from the simplest HTTP Basic authentication to more sophisticated schemes.
The Hypertext Transfer Protocol (HTTP) that is generally used for building web applications provides 2 forms of authentication – Basic and Digest.
HTTP Basic Authentication
HTTP Basic Authentication - If a browser or program sends a request for a web page that requires Basic authentication, the server responds with an error that contains a 'WWW-authenticate' attribute in the header. The user then enters a username and password, which is sent to the server in a Base64-encoded form.
HTTP Digest Authentication
HTTP Digest Authentication works similar to Basic but is stronger as it uses 'hashes' while sending the username and password to the server. When a request for the web page is sent, the server sends back a response with a 'WWW-authenticate' attribute in the header and a 'nonce'. A 'nonce' is a string, which differs for each request. The client uses a series of hashes that involve the username and password, the requested URL, the authentication realm name and nonce, and sends the request again. The server picks the password from its data source and again goes through the same process of hashing and compares the results. Authentication is a success if the values match.
No comments:
Post a Comment