httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject RE: How Secure is .htaccess?
Date Tue, 19 Feb 2002 17:50:14 GMT

From: SSleeper [mailto:SSleeper@iProsperOnline.com]

> How secure is .htaccess, can I trust it with private info?

[Please post in plain text]

That question is ambiguous.  For one thing, .htaccess is just a
configuration file, like httpd.conf.  You can put most Apache directives in
.htaccess.  For another thing, what does "private info" mean, and what does
"trust" mean?  You need to ask a much more specific question.

Taking a wild guess: If you are asking whether HTTP basic authentication is
secure from sniffing, the answer is "no".  The password is sent unencrypted
on each request and can be easily read off the wire.  If you need secure,
you should use SSL.

Joshua.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message