httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] LDAP authentication with password encryption from browser to web server
Date Sat, 25 Sep 2010 00:21:14 GMT
> I understand that I could force the users to use an https URL instead of an
> http URL, but that seems like it would be overkill.  If that is the only
> solution to this issue, then we would really want the user to authenticate
> over https, but then fall back to http for all of the rest of the
> communications to the web server so as not to incur the inherent performance
> penalty of https.  Any hints on how to do that effectively/efficiently would
> be welcome in that case.

You can't do this with basic authentication, because your browser only
prompts you once but transmits the password every subsequent protected
page.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message