From: Mike Meyer
Date: Sat, 23 Jun 2001 14:13:39 -0500
To: dave@hawk-systems.com (Dave)
Cc: questions@freebsd.org
Subject: Re: SSL and .htaccess files
Message-ID: <15156.60003.996377.495663@guru.mired.org>

Dave types:
> just a quick clarification...
>
> assuming I call the URL https://mydomain.com/secret
> and the /secret directory has an .htaccess override to work from a
> local .htpasswd file
>
> is the username/password transaction for the htaccess authentication
> encrypted over the ssl connection? or is it open text?

The *protocol* in this case is https. That's HTTP over an SSL
connection, so that every part of the HTTP transaction is encrypted,
not just the username/password part of it.

You can't change the protocol with a .htaccess override - by that
time, the connection is already set up. You could add extra encryption
by using digest authentication in the .htaccess file, but that's sort
of pointless.

http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
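An added example, not part of the original message: what the two .htaccess authentication schemes mentioned above place in the Authorization header, which is the data the SSL connection is protecting. The credentials and nonce values are the sample ones from the worked example in RFC 2617, used here as constructed input; the function names are this example's own.

```python
import base64
import hashlib


def basic_header(user, password):
    """Authorization value for HTTP Basic: base64 is an encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"


def recover_basic(header):
    """What any observer of a plain-HTTP request can do with a Basic header."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    # The user name cannot contain ':', so split on the first one only.
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 Digest response (MD5, qop=auth): only this hash crosses the wire."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # secret-derived part
    ha2 = _md5(f"{method}:{uri}")              # request-derived part
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


# Constructed sample input (values from the worked example in RFC 2617).
SAMPLE = dict(user="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
              method="GET", uri="/dir/index.html",
              nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
              nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    hdr = basic_header(SAMPLE["user"], SAMPLE["password"])
    print("Basic on the wire :", hdr)
    print("Observer recovers :", recover_basic(hdr))
    print("Digest on the wire:", digest_response(**SAMPLE))
```

Over https both header values travel inside the encrypted connection along with the rest of the request; over plain http the Basic value decodes straight back to the password, while the Digest value is a hash bound to the server's nonce.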