Re: A more secure form of .htaccess?
You might want to take a look at using digest authentication, which sends a MD5 digest of the pasword instead of the actual password.
http://httpd.apache.org/docs/howto/auth.html
> I have written some php-based internal systems for our users. Users are
> required to authenticate to access this system, and their login
> determines what they are allowed to do within the system. I am
> concerned that their logging in with cleartext passwords is a security
> risk. I work in a K-12 school enviroment, and many of these students
> are rather devious and resourceful (as I was at that age :) ). My fear
> is some bright student setting a sniffer up on my network and gleaning
> passwords from it.
>
> I am wondering if any of you have had similar problems. What is a more
> secure way for people to login? Is SSL an option, and if so, how do I
> go about using it? Do I have to purchase a certificate? Or is there
> some other option? Finally, should I be using .htaccess at all, or is
> there a better way? Thank you in advance for your advice.
--
------SupplyEdge-------
Greg Hunt
800-733-3380 x 107
greg@supplyedge.com
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: