Guidelines on Securing Public Web Servers
given directory.  More restrictive access control can be enforced at the level of a single file within a directory, if the Web server software provides this capability.  Each vendor's Web server software has its own method and syntax for defining and using this basic authentication mechanism. 
From a security perspective, the main drawback of this technology is that all password information is transferred in an encoded, rather than an encrypted, form.  Anyone who knows the standardized encoding scheme can decode the password after capturing it with a network sniffer.  Furthermore, any Web content is transmitted as unencrypted plaintext, so this content can also be captured, violating confidentiality.  These limitations can be overcome by using basic authentication in conjunction with SSL/TLS (see Section 7.5).  Basic authentication is supported by standards-compliant Web browsers [CERT01].  Basic authentication is useful for protecting information from malicious bots (see Section 5.2.4). 
7.4 Digest Authentication 
Because of the drawbacks of basic authentication, an improved technique, known as digest authentication, was introduced in version 1.1 of the HTTP protocol.  Digest authentication uses a challenge-response mechanism for user authentication.  Under this approach a nonce (an arbitrary value) is sent to the user, who is prompted for an ID and password as with basic authentication.  However, in this case, the information entered by the user is concatenated and a cryptographic hash of the result formed, which is again concatenated with the nonce and the requested URL and then rehashed as a response value that is sent to the user. 
Because the user's password is not sent in the clear, it cannot be sniffed from the network.  Moreover, the server does not need the user's password to authenticate the user, only the hashed value of the user ID and password, which provides further security.  Because the nonce can be constructed from the current date and time information, replay attacks are also thwarted.  Thus, digest authentication is more secure than basic authentication.  Unfortunately, all other data is sent in the clear (i.e., unencrypted), and it is vulnerable to interception and alteration.  These limitations can be overcome by using digest authentication in conjunction with SSL/TLS (see Section 7.5).  Like basic authentication, digest authentication is useful for protecting information from malicious bots (see Section 5.2.4). 
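The hashing described above, as an added example that is not part of this publication: the RFC 2617 digest computation with qop="auth" (the form browsers send; the publication's description corresponds to the older form without the request counter and client nonce), together with the server-side check, which needs only the stored hash HA1 and rejects a reused nonce/counter pair. The username, realm, password and nonce values are the worked example from RFC 2617, section 3.5, used here as constructed test data.

```python
import hashlib
import hmac

# Added example, not NIST SP 800-44 code. Implements RFC 2617 digest
# authentication (qop="auth") for one request and its verification.


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """The 'hashed value of the user ID and password' the server stores
    instead of the password itself."""
    return _md5_hex(f"{username}:{realm}:{password}")


def digest_response(h1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str, qop: str = "auth") -> str:
    """Client side: HA2 covers the method and requested URL; the response
    binds HA1 to the server nonce, request counter and client nonce."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(stored_ha1: str, method: str, uri: str, nonce: str, nc: str,
           cnonce: str, response: str, issued: set, seen: set) -> bool:
    """Server side. `issued` holds unexpired nonces this server handed out;
    `seen` holds (nonce, nc) pairs already accepted. A response for an
    unknown nonce or an already-used counter is treated as a replay."""
    if nonce not in issued or (nonce, nc) in seen:
        return False
    expected = digest_response(stored_ha1, method, uri, nonce, nc, cnonce)
    if not hmac.compare_digest(expected, response):  # constant-time compare
        return False
    seen.add((nonce, nc))
    return True


if __name__ == "__main__":
    # Constructed test data taken from the RFC 2617, section 3.5 example.
    NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
    stored = ha1("Mufasa", "testrealm@host.com", "Circle Of Life")
    resp = digest_response(stored, "GET", "/dir/index.html", NONCE, "00000001", "0a4f113b")
    print(resp)  # 6629fae49393a05397450978507c4ef1
    issued, seen = {NONCE}, set()
    print(verify(stored, "GET", "/dir/index.html", NONCE, "00000001", "0a4f113b", resp, issued, seen))  # True
    print(verify(stored, "GET", "/dir/index.html", NONCE, "00000001", "0a4f113b", resp, issued, seen))  # False
```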
7.5 SSL/TLS 
The SSL and Transport Layer Security (TLS) protocols provide server and client authentication and encryption of communications.[24]  SSL was first introduced by Netscape Communications in 1994 and was revised twice (SSL version 3 is the latest version).[25]  In 1996, the Internet Engineering Task Force (IETF) established the TLS working group to formalize and advance the SSL protocol to the level of Internet standard.  The TLS protocol 

[24] Proper understanding of SSL and the information presented in this section requires at least a basic understanding of cryptographic algorithms, message digest functions, digital signatures, symmetric encryption algorithms, and asymmetric encryption algorithms.  For an introduction to cryptography, see NIST Special Publication 800-32, Introduction to Public Key Technology and the Federal PKI Infrastructure.  For more information on transport layer security, see NIST Special Publication 800-52, Guidelines for the Selection and Use of Transport Layer Security Implementations.  Both of these documents can be found at http://csrc.nist.gov/publications/nistpubs/index.html. 
[25] SSL Version 2.0 is insecure and should not be used. 