13. Digest Authentication

[Intro]

Basic authentication is convenient and flexible, but it is not secure at all. (base64 is trivial to decode: it keeps someone from reading the password by accident, but it does not stop anyone with malicious intent.)

The only way to use basic authentication safely is to combine it with SSL.

Digest authentication was developed as a more secure alternative that is compatible with basic authentication.

It is not widely used, but its concepts are useful when implementing secure transactions.

1) Improvements of digest authentication

Another HTTP authentication protocol, one that fixes the most serious flaws of basic authentication.

Features

  • It never sends the password across the network in plaintext.

  • It blocks malicious parties who capture the authentication handshake and try to replay it.

  • Depending on the implementation, it can also guard against tampering with message contents.

  • It guards against several other well-known forms of attack.

  • Digest authentication is not the most secure protocol possible. However, it is much stronger than basic authentication.

    [HTTPS + TLS is a better fit for meeting the many requirements of HTTP transactions.]

  • Digest authentication is stronger than many popular security schemes proposed for other Internet services.

① Using digests to keep passwords safe

  • The motto of digest authentication: "Never send the password across the network."

  • Instead of sending the password, the client sends a "fingerprint" or "digest" of it, an irreversible scrambling of the password.

② One-way digests

  • A digest is a condensation of a body of information.

  • A digest behaves as a one-way function.

  • It typically maps an infinite number of possible input values onto a finite range of condensations.

  • MD5, one of the popular digest functions, converts any sequence of bytes, whatever its original length, into a 128-bit digest.

  • What matters about a digest is that, without knowing the password, guessing the correct digest to send to the server takes a very long time.

    Likewise, given only the digest, finding which of the infinitely many input values produced it takes an awfully long time.

③ Using nonces to prevent replays

To prevent replay attacks, the server hands the client a special, frequently changing token called a nonce. (It is handed out roughly every millisecond, or for each authentication.)

A recorded password digest is valid only for one particular nonce value, so an attacker cannot compute the correct digest without the password.

④ The digest authentication handshake

Several new options were added to the existing headers, and a new optional header, Authorization-Info, was added.

  • The core of digest authentication

    • A one-way digest that combines public information, secret information, and a time-limited nonce value.
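
The nonce section and the "core" statement above, worked through as an added example (not code from the original notes). It uses the RFC 2617 `qop=auth` formula; the `DigestVerifier` class, its one-use nonce policy and the helper names are assumptions made for illustration, and the sample credentials are the ones used in the RFC 2617 example.

```python
import hashlib
import hmac
import secrets
import time

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(user, realm, password):
    # Secret part: the only place the password is used; the server can store this.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # Public part (method and URI) plus the server nonce, per RFC 2617 qop=auth.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

class DigestVerifier:
    """Hypothetical server side: time-limited nonces, each accepted once."""

    def __init__(self, ha1_by_user, nonce_ttl=30.0):
        self.ha1_by_user = ha1_by_user
        self.nonce_ttl = nonce_ttl
        self.live_nonces = {}  # nonce -> expiry timestamp

    def challenge(self, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        self.live_nonces[nonce] = now + self.nonce_ttl
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response, now=None):
        now = time.time() if now is None else now
        expiry = self.live_nonces.pop(nonce, None)  # a replay finds nothing
        stored = self.ha1_by_user.get(user)
        if expiry is None or now > expiry or stored is None:
            return False
        expected = digest_response(stored, method, uri, nonce, nc, cnonce)
        return hmac.compare_digest(expected, response)

def demo():
    realm, user, pw = "testrealm@host.com", "Mufasa", "Circle Of Life"  # sample values
    server = DigestVerifier({user: ha1(user, realm, pw)})
    nonce = server.challenge(now=0)
    args = ("GET", "/dir/index.html", nonce, "00000001", "0a4f113b")
    resp = digest_response(ha1(user, realm, pw), *args)
    first = server.verify(user, *args, resp, now=1)
    replay = server.verify(user, *args, resp, now=2)  # captured and resent
    return first, replay
```

The password never appears in what the client sends, and the same captured response fails the second time because its nonce is no longer live.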

(The rest of the digest authentication notes are omitted.)


Last updated 3 years ago
