
Mastering Geoserver

By: Colin Henderson

Using Digest for user authentication

The default security implementation in GeoServer for REST and OGC services is HTTP Basic. HTTP Basic authentication has the widest adoption, and any OGC-compliant client will support it. Its downside is that it is not very secure: the credentials are sent to the server in a request header as plain text, without any encryption. The username and password are encoded using Base64, which makes them hard for a person to read at a glance, but this offers no protection because a Base64-encoded string can simply be decoded. An HTTP Basic header looks like the following:

Authorization: Basic dXNlcjpwYXNzd29yZA==

The header key is Authorization, and its value consists of the word Basic followed by the Base64-encoded username and password. The encoded string is a concatenation of the username and password with a colon separator; in the previous example, it decodes to user:password...
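
The following added example (not code from the book or from GeoServer) parses the header format described above and shows how to redact it before a request is logged, since the Base64 value is as sensitive as the password itself. The function names parse_basic_header and redact_basic_header are hypothetical, and the sample input is the header shown in the text.

```python
import base64
import binascii
import re

# Constructed sample: the header shown in the text above.
SAMPLE_HEADER = "Authorization: Basic dXNlcjpwYXNzd29yZA=="

_BASIC_RE = re.compile(
    r"^Authorization:\s*Basic\s+([A-Za-z0-9+/]+={0,2})\s*$", re.IGNORECASE
)


def parse_basic_header(header_line):
    """Return (username, password) from an 'Authorization: Basic ...' line.

    Raises ValueError if the line is not a well-formed Basic header.
    """
    match = _BASIC_RE.match(header_line.strip())
    if match is None:
        raise ValueError("not an HTTP Basic Authorization header")
    try:
        # validate=True rejects bad padding and non-alphabet characters.
        decoded = base64.b64decode(match.group(1), validate=True)
    except binascii.Error as exc:
        raise ValueError("credentials are not valid Base64") from exc
    text = decoded.decode("utf-8", errors="replace")
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = text.partition(":")
    if not sep:
        raise ValueError("decoded credentials lack the colon separator")
    return username, password


def redact_basic_header(header_line):
    """Replace the credential blob so the header can be logged safely."""
    return re.sub(
        r"(?i)(Authorization:\s*Basic\s+)\S+", r"\1[REDACTED]", header_line
    )


if __name__ == "__main__":
    print(parse_basic_header(SAMPLE_HEADER))   # no key or secret is needed
    print(redact_basic_header(SAMPLE_HEADER))
```
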