Challenge-Response-Based HTTP Authentication

  • Augusto Jun Devegili Federal Technical School of Palmas
  • Ronaldo Vasconcelos Parente Federal Technical School of Palmas

Abstract


We describe the implementation of a challenge-response protocol suitable for Web servers and Web browsers without HTTP digest authentication. Simple primitives are used (pseudorandom numbers, hash functions), which allow for easy implementation in Web servers. Our implementation allows Web developers to keep their own authentication information databases.

Published: 2003-05-01

DEVEGILI, Augusto Jun; PARENTE, Ronaldo Vasconcelos. Autenticação em HTTP Baseada em Desafio-Resposta. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 3., 2003, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2003. p. 41-47. DOI: https://doi.org/10.5753/sbseg.2003.21248.