jimstar
asked on
https and htaccess authentication
I've read that using the basic http authentication is insecure (it sends passwords cleartext, right?). However, if someone is browsing my site via an SSL connection, would that password still be sent cleartext, or would it be encrypted as part of the SSL connection?
Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?
Using standard linux + apache.
Thanks.
Also, if I redirect the user from a non-ssl part of the site to an SSL part of the site and at the same time authenticate the user via htaccess authentication, would it establish the SSL connection before transmitting the password, or would that happen after it establishes htaccess login?
Using standard linux + apache.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.