httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dick Davies <rasput...@hellooperator.net>
Subject Re: [users@httpd] Basic Authentication question
Date Thu, 12 May 2005 11:31:42 GMT
* Boyle Owen <Owen.Boyle@swx.com> [0523 12:23]:
> > -----Original Message-----
> > From: K Anand [mailto:kanand@sail-steel.com]
> > Sent: Donnerstag, 12. Mai 2005 10:46
> > To: users@httpd.apache.org
> > Subject: Re: [users@httpd] Basic Authentication question
> > 
> > 
> > Thanx...I used ethereal to see the flow of data between browser and
> > server...one point though...I was able to see my password in 
> > clear text in
> > ethereal. So it is possible that it could be open to the public ??
> 
> Of course. What made you think it might be secure?
> 
> If you want to hide the PW, you have to use HTTPS. However, be aware that Basic authentication
is not very secure anyway (see http://httpd.apache.org/docs/howto/auth.html#basiccaveat)

You make it sound as though it's still a problem over SSL - is that what you mean?
 
-- 
'My life, and by extension everyone else's, is meaningless.'
		-- Bender
Rasputin :: Jack of All Trades - Master of Nuns

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message