Re: A more secure form of .htaccess?
You might want to take a look at using digest authentication, which sends a MD5 digest of the pasword instead of the actual password.
> I have written some php-based internal systems for our users. Users are
> required to authenticate to access this system, and their login
> determines what they are allowed to do within the system. I am
> concerned that their logging in with cleartext passwords is a security
> risk. I work in a K-12 school enviroment, and many of these students
> are rather devious and resourceful (as I was at that age :) ). My fear
> is some bright student setting a sniffer up on my network and gleaning
> passwords from it.
> I am wondering if any of you have had similar problems. What is a more
> secure way for people to login? Is SSL an option, and if so, how do I
> go about using it? Do I have to purchase a certificate? Or is there
> some other option? Finally, should I be using .htaccess at all, or is
> there a better way? Thank you in advance for your advice.
800-733-3380 x 107
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org