摘要
超文本传输协议是一种无状态协议。虽然它提供了基本认证服务用于支持用户的合法访问 ,但其功能较弱。本文介绍了超文本传输协议标准提供的摘要认证技术 ,分析了常用“一次性口令”认证方法的缺陷 。
HTTP is a kind of stateless protocol. Though HTTP provides basic authentication services to support legal access of users, its function is weak. This paper introduces digest access authentication technology that HTTP provides, analyzes the weakness of frequently used “One Time Password” authentication method, and presents the improvements and the implementation in Java.
基金
国家 8 63 /CIMS主题资助项目 !(863 -5 11-946-0 0 6)
