Date: Sat, 23 Jun 2001 14:13:39 -0500 From: Mike Meyer <mwm@mired.org> To: dave@hawk-systems.com (Dave) Cc: questions@freebsd.org Subject: Re: SSL and .htaccess files Message-ID: <15156.60003.996377.495663@guru.mired.org> In-Reply-To: <96278681@toto.iv>
next in thread | previous in thread | raw e-mail | index | archive | help
Dave <dave@hawk-systems.com> types: > just a quick clarification... > > assuming I call the URL https://mydomain.com/secret > and the /secret directory has an .htaccess override to work from a > local .htpasswd file > > is the username/password transaction for the htaccess authentication > encrypted over the ssl connection? or is it open text? The *protocol* in this case is https. That's HTTP over an SSL connection, so that every part of the HTTP transaction is encrypted, not just the username/password part of it. You can't change the protocol with a .htaccess override - by that time, the connection is already set up. You could add extra encryption by using digest authentication in the .htaccess file, but that's sort of pointless. <mike -- Mike Meyer <mwm@mired.org> http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15156.60003.996377.495663>