Verification: checking that data is correct or that it meets requirements, for example checking a verification code.

In software testing: verification is the process of evaluating products of a development phase to find out whether they meet the specified requirements.


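Validation: checking that data is well-formed; the typical case is form validation, for example email addresses and mobile phone numbers.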

In software testing: validation is the process of evaluating software at the end of the development process to determine whether software meets the customer expectations and requirements.

It is sometimes said that validation can be expressed by the query "Are you building the right thing?" and verification by "Are you building it right?". "Building the right thing" refers back to the user's needs, while "building it right" checks that the specifications are correctly implemented by the system. In some contexts, it is required to have written requirements for both as well as formal procedures or protocols for determining compliance.


Authentication is the process of verifying who you are. When you log on to a PC with a username and password you are authenticating.

Authentication: user authentication, determining the user's identity.


Authorization is the process of verifying that you have access to something. Gaining access to a resource (e.g. directory on a hard disk) because the permissions configured on it allow you access is authorization.

Authorization: user authorization, verifying the user's permissions.

401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field. If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication".

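As shown above, a 401 status can mean one of two things: no authentication information was provided, or the corresponding permission is lacking.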

The difference between 401 and 403 status is: when 403 occurs, authorization will not help, and you should not try to repeat the request.
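The sketch below is an added example, not part of the original note. It separates the authentication step from the authorization step and maps them to 401 (with a `WWW-Authenticate` challenge) and 403, assuming the common convention that valid credentials without permission get 403. The names `USERS`, `ACL`, `CHALLENGE` and `handle` and all sample data are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample data: users with passwords, and per-path allowed users.
# Plaintext passwords keep the example short; real systems store password hashes.
USERS = {"alice": "correct horse", "bob": "hunter2"}
ACL = {"/admin": {"alice"}, "/reports": {"alice", "bob"}}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="example"'}


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    if not header:
        return None
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def authenticate(creds):
    """Authentication: who are you? Returns the user name or None."""
    if creds is None:
        return None
    user, password = creds
    expected = USERS.get(user)
    # Compare even for unknown users so timing does not reveal valid names.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    return user if expected is not None and ok else None


def handle(path, headers):
    """Return (status, response_headers) for a request to a protected path."""
    user = authenticate(parse_basic(headers.get("Authorization")))
    if user is None:
        # Missing, malformed or rejected credentials: challenge the client.
        return 401, dict(CHALLENGE)
    if user not in ACL.get(path, set()):
        # Identity is known but not permitted: retrying will not help.
        return 403, {}
    return 200, {}
```

Paths missing from `ACL` are denied for every user, so an unlisted resource fails closed with 403 rather than being served.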

