httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Dessent <>
Subject Re: [users@httpd] avoid clear text password with ssl?
Date Thu, 05 Feb 2004 11:15:03 GMT
Please don't reply to completely unrelated threads with a new quesion. 
Start a new thread for a new topic.

Geoffrey wrote:

> We're looking for a authentication solution via Apache.  I've noted that
> mod_auth sends clear text passwords and was wondering if using SSL would
> resolve this issue?

Yes, everything sent through HTTPS is encrypted.  SSL lives at a lower
level than HTTP, so every aspect of the HTTP request is encrypted,
including any auth headers.

> I'm aware of mod_auth_digest, but as I understand, it's only available
> in 2.0 and it's status is 'experimental.'

mod_auth_digest works fine in 1.3, AFAIK.  I don't know much about its
stability but I've never heard of it being unstable.  I think the issue
is that the digest method was not supported for early browsers.  The
vast majority of browsers out there these days should work fine, but
double check the docs.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message