How to store credentials for basic HTTP authentication into the database on server side?


6 Answers


So I think the only solution is to implement a custom encrypt and decrypt function to store an encrypted client password in the server database. Then only the server knows about encryption and decryption and could handle this. Or is there a better way to store the required client credentials on the server side?

I will try to clarify "the server won't know about the real password". Please interrupt me if I am wrong, but basic HTTP authentication uses plain client data (username and password) and sends a base64-encoded string of them, e.g. "Authorization: Basic dXNlcjpwYXNzd29yZA==", to get access to the resource. For this reason, the server has to use the password as plaintext to build a request with a basic authentication header.

There is a server which should collect the data of all these clients. For this reason, I can create multiple client objects on the server side which contain data like the resource URL, username, password and so on, but I don't want to store the client passwords as plain text in the server database. I also can't store hashed client passwords on the server side, because the server won't know the real password then.

This could be used for pulling or putting files on the remote client from the server. In this case the server would always need access to a plain text version of the password so it can log in to the remote machine. In this case there is no real way to secure it 100%. You can make it more difficult. For example, with OpenSSL a hacker would need the encrypted password, the private key, and possibly your implementation of OpenSSL encryption.

Public key implementation on the client:

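// Class method: encrypts $string with the server's public key and returns it as hex.
public function asymEncodePublic($string) {
   // public cert
   $file = __DIR__ . '/public/server.crt';
   if (file_exists($file)) {
      $fp = fopen($file, "r");
      $public_key = fread($fp, 8192);
      fclose($fp);
      // extract the public key from the certificate
      $pub_key = openssl_get_publickey($public_key);

      // var to store output
      $crypttext = '';
      // returns false when encryption fails, e.g. input too long for the key
      if (!openssl_public_encrypt($string, $crypttext, $pub_key)) {
         return false;
      }
      // convert from bin to hex
      return bin2hex($crypttext);
   }
   // certificate file not found
   return false;
}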

HTTP authentication with PHP

Example #1 Basic HTTP Authentication example
Example #2 Digest HTTP Authentication example
Example #3 HTTP Authentication example forcing a new name/password

It is possible to use the header() function to send an "Authentication Required" message to the client browser causing it to pop up a Username/Password input window. Once the user has filled in a username and a password, the URL containing the PHP script will be called again with the predefined variables PHP_AUTH_USER, PHP_AUTH_PW, and AUTH_TYPE set to the user name, password and authentication type respectively. These predefined variables are found in the $_SERVER array. Only "Basic" and "Digest" authentication methods are supported. See the header() function for more information.

If a request requires authentication, the server returns 401 (Unauthorized). The response includes a WWW-Authenticate header, indicating the server supports Basic authentication. User credentials are sent in the request. Credentials are sent with every request. You should disable other authentication schemes, such as Forms or Windows auth.

To enable Basic authentication using IIS, set the authentication mode to "Windows" in the Web.config of your ASP.NET project:

<system.web>
   <authentication mode="Windows" />
</system.web>

You can use either of the seeded accounts presented in the Basic HTTP/HTTPS authentication:

Figure 4 Basic HTTP/HTTPS authentication dialog box

Figure 3 Basic HTTP/HTTPS authentication activity diagram

Experiment with Basic HTTP/HTTPS Authentication. You can experiment with the realm identity management by following these steps:

SQL > CREATE USER IDMGMT1 IDENTIFIED BY IDMGMT1;
SQL > GRANT CONNECT, RESOURCE TO IDMGMT1;

Client uses username and password to request protected resource.
Server returns a token to the client (if username and password are valid).
Server provides resource if username and password are valid.
The username is bob and the password is pass123.

Rather than including the credentials in the body of a request, there is a special authorization header that you can add the username and password to when making an HTTP request. The authorization line in a raw request would look something like this:

    Authorization: Basic Ym9iOnBhc3MxMjM=

users authenticate.js index.js
api users authenticate.js index.js
data: JSON flat files for storing the example basic auth app data.
Authentication and Authorization

This custom link component accepts href, className plus any other props, and doesn't require any nested <a> tag (e.g. <Link href="/" className="my-class">Home</Link>).

import NextLink from 'next/link';

export { Link };

function Link({ href, children, ...props }) {
    return (
        <NextLink href={href}>
            <a {...props}>
                {children}
            </a>
        </NextLink>
    );
}