Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the "realm" in basic authentication

Tags:

http

basic-authentication

digest-authentication

I'm setting up basic authentication on a php site and found this page on the php manual showing the set up. What does "realm" mean here in the header? 

header('WWW-Authenticate: Basic realm="My Realm"');

Is it the page page being requested?

like image 947
RayLoveless Avatar asked Oct 03 '12 02:10

RayLoveless

People also ask

What is realm in basic authentication?

The basic-auth-realm command specifies the realm name for basic authentication. The realm name is the text that is displayed in the dialog box that appears when the browser prompts the user for login data. The realm name is also the name of the realm to which the user is authenticated.

What is a realm in security?

A realm is a security policy domain defined for a web or application server. The protected resources on a server can be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database containing a collection of users and groups.

What is realm value?

The realm value is a free-form string that can only be compared for equality with other realms on that server. The server will service the request only if it can validate the user-id and password for the protection space applying to the requested resource.

What is realm Windows authentication?

The user account location is also called the realm or realm name, and is synonymous with the concept of domain, including DNS domains, Active Directory® domains, and Windows NT 4.0 domains.

1 Answers

From RFC 1945 (HTTP/1.0) and RFC 2617 (HTTP Authentication referenced by HTTP/1.1)

The realm attribute (case-insensitive) is required for all authentication schemes which issue a challenge. The realm value (case-sensitive), in combination with the canonical root URL of the server being accessed, defines the protection space. These realms allow the protected resources on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization database. The realm value is a string, generally assigned by the origin server, which may have additional semantics specific to the authentication scheme.

In short, pages in the same realm should share credentials. If your credentials work for a page with the realm "My Realm", it should be assumed that the same username and password combination should work for another page with the same realm.

like image 102
Tim Cooper Avatar answered Oct 11 '22 02:10

Tim Cooper
Sign in to Comment

Related questions

HTTP headers in Websockets client API
How to define the basic HTTP authentication using cURL correctly?
Adding header for HttpURLConnection
Is either GET or POST more secure than the other?
Does Java have a complete enum for HTTP response codes?
Node.js EACCES error when listening on most ports
What is the difference between URI, URL and URN? [duplicate]
REST response code for invalid data
How to send a GET request from PHP?
How to pass url arguments (query string) to a HTTP request on Angular?
Getting Http Status code number (200, 301, 404, etc.) from HttpWebRequest and HttpWebResponse
How to log out user from web site using BASIC authentication?
Should I use PATCH or PUT in my REST API?
How to post data in PHP using file_get_contents?
How to redirect all HTTP requests to HTTPS
Send request to cURL with post data sourced from a file
Sending HTTP POST Request In Java
What is the fastest way to send 100,000 HTTP requests in Python?
Java - sending HTTP parameters via POST method easily
What are all the possible values for HTTP "Content-Type" header?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!