?
Solved

https and htaccess authentication

Posted on 2004-09-16
1
Medium Priority
?
301 Views
Last Modified: 2010-08-05
I've read that using the basic http authentication is insecure (it sends passwords cleartext, right?).  However, if someone is browsing my site via an SSL connection, would that password still be sent cleartext, or would it be encrypted as part of the SSL connection?

Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?

Using standard linux + apache.

Thanks.
0
Comment
Question by:jimstar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 48

Accepted Solution

by:
Tintin earned 1000 total points
ID: 12080249
Any traffic going over a HTTP connection is in clear text.  Anything going over a HTTPS connection is encrypted (including passwords).

WIth the redirection, it depends where the htaccess authentication occurs.  If it occurs on the HTTPS redirect, then the password will be encrypted, otherwise it will be plain text.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've just discovered very important differences between Windows an Unix formats in Perl,at least 5.xx.. MOST IMPORTANT: Use Unix file format while saving Your script. otherwise it will have ^M s or smth likely weird in the EOL, Then DO NOT use m…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
Six Sigma Control Plans

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question