Solved

https and htaccess authentication

Posted on 2004-09-16
1
290 Views
Last Modified: 2010-08-05
I've read that using the basic http authentication is insecure (it sends passwords cleartext, right?).  However, if someone is browsing my site via an SSL connection, would that password still be sent cleartext, or would it be encrypted as part of the SSL connection?

Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?

Using standard linux + apache.

Thanks.
0
Comment
Question by:jimstar
1 Comment
 
LVL 48

Accepted Solution

by:
Tintin earned 250 total points
ID: 12080249
Any traffic going over a HTTP connection is in clear text.  Anything going over a HTTPS connection is encrypted (including passwords).

WIth the redirection, it depends where the htaccess authentication occurs.  If it occurs on the HTTPS redirect, then the password will be encrypted, otherwise it will be plain text.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been pestered over the years to produce and distribute regular data extracts, and often the request have explicitly requested the data be emailed as an Excel attachement; specifically Excel, as it appears: CSV files confuse (no Red or Green h…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question