AJAX - The Complete Reference


PART II


Chapter 7: Security Concerns


The specifics of managing the server are not the point, and we encourage you to check
your Web server manual for precise syntax. The point we are making here is that setting
up such authentication is traditionally not a programmatic effort, but rather an
administrative task.

Once a resource has been protected, a user accessing the resource will trigger the server
to respond with a 401 Authorization Required challenge response, which traditionally
causes the browser to display a password collection dialog. The look and details of
this box vary greatly even among the very popular browsers, as shown in Figure 7-4.

When the user provides the credentials, the browser sends them back in an Authorization
header like so:
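The challenge and response described above, as an added example that is not from the original book: it assumes the server is configured for the Basic scheme (RFC 7617) and runs under Node.js, and the realm, user names and passwords are constructed sample values. It shows both sides of the exchange and makes visible that the header value is only base64-encoded, so anyone who can read the request can recover the password unless the resource is served over TLS.

```javascript
// Added example: HTTP Basic authentication exchange (RFC 7617), both sides.
// Realm, user name and password below are constructed sample values.

// Server side: the challenge returned for a protected resource.
function challenge(realm) {
  return {
    status: 401,
    headers: { 'WWW-Authenticate': `Basic realm="${realm}", charset="UTF-8"` }
  };
}

// Client side: the header the browser builds once the dialog is filled in.
function basicAuthorization(user, password) {
  // RFC 7617 forbids ':' in the user-id because it is the separator.
  if (user.includes(':')) throw new Error('user-id must not contain ":"');
  const token = Buffer.from(`${user}:${password}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Server side: recover the credentials from the Authorization header.
// Returns null for a missing or malformed header so the caller can
// answer with the 401 challenge again.
function parseBasicAuthorization(header) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // split on the FIRST colon only,
  if (sep < 0) return null;         // since the password may contain ':'
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constructed walk-through of one round trip.
function demoExchange() {
  const first = challenge('Staff Area');
  const header = basicAuthorization('alice', 's3cret:with:colons');
  return { first, header, parsed: parseBasicAuthorization(header) };
}
```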