RFC2617-中文版

RFC2617

需积分: 48 376 浏览量更新于2023-03-16 评论收藏 217KB DOC 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

备忘........................................................................................................................................................3
版权申明................................................................................................................................................3
摘要........................................................................................................................................................3
授权鉴别................................................................................................................................................4
1. 对 HTTP/1.1 规范的依赖...............................................................................................................4
2. 访问鉴别框架................................................................................................................................4
基本鉴别方案........................................................................................................................................6
摘要访问鉴别方案................................................................................................................................8
1. 介绍................................................................................................................................................8
1.1. 
目的
.........................................................................................................................................8
1.2. 
操作概述
.................................................................................................................................8
1.3. 
摘要值的表示
.........................................................................................................................8
1.4. 
该方案的局限性
.....................................................................................................................9
2. 摘要报头的规范............................................................................................................................9
2.1. WWW-Authenticate
响应报头
.................................................................................................9
2.2. Authorization
请求报头
.........................................................................................................11
2.3. Authentication-info
报头
.......................................................................................................15
3. 摘要操作......................................................................................................................................17
4. 安全协议讨论..............................................................................................................................17
5. 例子..............................................................................................................................................18
6. 代理鉴别和代理授权..................................................................................................................18
安全考虑..............................................................................................................................................20
1. 客户使用基本鉴别......................................................................................................................20
2. 客户使用摘要鉴别......................................................................................................................21
3. 受限的 NONCE 值使用..................................................................................................................21
4. 基本鉴别与摘要鉴别的比较......................................................................................................21
5. 回放式攻击..................................................................................................................................22
6. 多方鉴别方案产生的缺点..........................................................................................................22
7. 在线字典攻击..............................................................................................................................23
8. 中间人..........................................................................................................................................23
9. 选择纯文本攻击..........................................................................................................................24
10. 预先计算的字典攻击................................................................................................................24
11. 批处理方式暴力攻击.................................................................................................................24
12. 假冒服务器欺骗........................................................................................................................24
13. 存储口令....................................................................................................................................25
14. 总结............................................................................................................................................25
例子实现..............................................................................................................................................26
参考书目..............................................................................................................................................30
作者地址............................................................................................................................................30