Q. I am concerned about encryption/encoding. Does AuthentiX encrypt passwords with Basic Authentication? How about with cookie-based AuthentiX authentication?

A.

Basic Authentication Base64-encodes the username and password sent between the browser and the server. This is adequate for most purposes, and it becomes very secure when you use it in combination with SSL.
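Base64 is an encoding rather than encryption: anyone who sees the header can reverse it without a key, which is why the SSL pairing matters. The following is an added example, not AuthentiX code; the header, URLs and credentials are constructed, and the function names are hypothetical.

```python
import base64
import binascii
from typing import NamedTuple, Optional
from urllib.parse import urlsplit


class BasicCredentials(NamedTuple):
    username: str
    password: str


def parse_basic_authorization(header_value: str) -> Optional[BasicCredentials]:
    """Decode the value of an 'Authorization: Basic ...' header (RFC 7617).

    No key is involved: Base64 is reversible by anyone who sees the header.
    Returns None if the value is not a well-formed Basic credential.
    """
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # some clients send ISO-8859-1
    # Only the first colon separates the fields; passwords may contain colons.
    username, colon, password = text.partition(":")
    if not colon:
        return None
    return BasicCredentials(username, password)


def credential_exposed(url: str, header_value: str) -> bool:
    """True if a decodable Basic credential would be sent without SSL/TLS."""
    recoverable = parse_basic_authorization(header_value) is not None
    return recoverable and urlsplit(url).scheme.lower() != "https"


# Constructed sample request data (not taken from any real site).
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:pa:ss").decode("ascii")

if __name__ == "__main__":
    print(parse_basic_authorization(SAMPLE_HEADER))
    print(credential_exposed("http://www.example.com/members/", SAMPLE_HEADER))
    print(credential_exposed("https://www.example.com/members/", SAMPLE_HEADER))
```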

If you are concerned about encoding/encrypting the passwords in the internal or ODBC database, you can use the Options/Password dialog to set an encoder/encrypter DLL. The software comes with a Base64 encoding DLL, or you can build your own.

With cookies, there are now two AuthentiX flavors: one using http://www.flicks.com/authentix/CookieLoginValue.htm, which encodes the cookies (proprietary encoding loosely built on Base64), and one using http://www.flicks.com/authentix/cookieSWValue.htm, which uses MD5 hashing so the password can in theory never be cracked.

Note that using a form to log in (as is done with cookies) means that the username and password will be passed to the server once only, in the form POST. Although this is in clear text, the chances of interception are very small. However, if this is still a concern, put just the login page and ASP script under SSL, thus securely protecting the clear-text posted data, then redirect to non-SSL pages. Browsers should pass a cookie from SSL pages to non-SSL pages on the same site (note that the reverse is not always true).

With any of these methods, using SSL (https) will add a level of encryption which is virtually unbreakable.
