Solved

https and htaccess authentication

Posted on 2004-09-16
1
294 Views
Last Modified: 2010-08-05
I've read that using the basic http authentication is insecure (it sends passwords cleartext, right?).  However, if someone is browsing my site via an SSL connection, would that password still be sent cleartext, or would it be encrypted as part of the SSL connection?

Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?

Using standard linux + apache.

Thanks.
0
Comment
Question by:jimstar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 48

Accepted Solution

by:
Tintin earned 250 total points
ID: 12080249
Any traffic going over a HTTP connection is in clear text.  Anything going over a HTTPS connection is encrypted (including passwords).

WIth the redirection, it depends where the htaccess authentication occurs.  If it occurs on the HTTPS redirect, then the password will be encrypted, otherwise it will be plain text.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
add a syntax to a csv file 8 99
Transforming a Soap message to a simple xml message! 10 156
Is it true to say that Python is successor of Perl? 7 212
read an xml file in perl 2 69
Many time we need to work with multiple files all together. If its windows system then we can use some GUI based editor to accomplish our task. But what if you are on putty or have only CLI(Command Line Interface) as an option to  edit your files. I…
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question