Solved

difference between mod_ssl & mod_digest

Posted on 2002-04-27
7
223 Views
Last Modified: 2012-05-04
if i want to build a "Secure Website",which module should i use, mod_ssl or mod_digest.

as i know,mod_ssl could providing SSL connection through web,but every client should visit it by "https://xxxxxx",
right? if i edit my index.html to REDIRECT the visitor fro
m "http://xxxxx.com" to "https://xxxxx.com",the client sid
e would auto change normal connection to SSL connection ?

And,mod_digest would only encrypt the "stream code" during
the authorization,after succeed,any HTTP request would sti
ll use Normal "clear text" code to communicate,right ?

please answer my questions,it's very important to me,thank
s a lot.
0
Comment
Question by:wingboad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6975365
https encryptes the complete stream
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 6976534
mod_digest simply changes the encryption mode from Basic to Digest for the authorization dialog (where Basic is a weak encryption).
To use Digest authentification, you need to load the module, and then replace AuthType Basic by AuthType Digest in your .htaccess.
Keep in mind that not all browsers support Digest.
SSL is the more reliable and more secure way.
0
 

Author Comment

by:wingboad
ID: 6990747
but if i want our clients to use httpS,how could make them use it "tranparently" ? cause not all clients know to use
https://xxx.xxxx.com to visit those "secure pages".
0
SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

 
LVL 51

Expert Comment

by:ahoffmann
ID: 6991612
assuming you administrate xxx.xxxx.com, either tell the web server to redirect any request to https, or place a index.html in corresponding directories which redirect
0
 

Author Comment

by:wingboad
ID: 6992576
so,after the redirection,all clients' requests would be
httpS automatically,right ?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6993057
if it is done by the server, yes
0
 
LVL 5

Expert Comment

by:zenlion420
ID: 9709163
Hey people,

No comment has been added in roughly 1 year, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question
be PAQ'd and pts awarded to ahoffman.
Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Zenlion420
EE Page Editor
0

Featured Post

SuperAntiSpyware Licenses Discounted by 25% !

Exclusive offer to Experts Exchange Members!
Buy SuperAntiSpyware License(s) from us and save 25% on the regular purchase price.
- Includes Full SuperAntiSpyware Vendor Support Entitlements
- Your Subscription does not begin until you activate your license
- Buy for your friends

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SMB Signing issues 5 104
Fraud Email 11 73
Application of a group policy 11 71
how to check if either me or my network users are infected with this WannaCry ransomware? 7 120
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question