https and htaccess authentication
Posted on 2004-09-16
I've read that using the basic http authentication is insecure (it sends passwords cleartext, right?). However, if someone is browsing my site via an SSL connection, would that password still be sent cleartext, or would it be encrypted as part of the SSL connection?
Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?
Using standard linux + apache.