[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A more secure form of .htaccess?

You might want to take a look at using digest authentication, which sends a MD5 digest of the pasword instead of the actual password.

http://httpd.apache.org/docs/howto/auth.html

> I have written some php-based internal systems for our users.  Users are
> required to authenticate to access this system, and their login
> determines what they are allowed to do within the system.  I am
> concerned that their logging in with cleartext passwords is a security
> risk.  I work in a K-12 school enviroment, and many of these students
> are rather devious and resourceful (as I was at that age :) ).  My fear
> is some bright student setting a sniffer up on my network and gleaning
> passwords from it.
> 
> I am wondering if any of you have had similar problems.  What is a more
> secure way for people to login?  Is SSL an option, and if so, how do I
> go about using it?  Do I have to purchase a certificate?  Or is there
> some other option?  Finally, should I be using .htaccess at all, or is
> there a better way?  Thank you in advance for your advice.

-- 
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
greg@supplyedge.com


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: