httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] Authentication options besides basic
Date Fri, 22 Dec 2017 18:07:53 GMT
Basic authentication within SSL connection is actually pretty secure, but not very user-friendly.
For instance, digest authentication is actually less secure, because it forces you to store
passwords in plaintext.

Form authentication, like everything inside the webpage, is better be left to a layer above
the web server. If you don't like basic authentication, you probably need to implement authentication
as part of your Tomcat application.
-- 

With Best Regards,
Marat Khalili

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message