Re: A more secure form of .htaccess?
Tom Dominico wrote:
>
> Hello all,
>
> I have written some php-based internal systems for our users. Users are
> required to authenticate to access this system, and their login
> determines what they are allowed to do within the system. I am
> concerned that their logging in with cleartext passwords is a security
> risk. I work in a K-12 school enviroment, and many of these students
> are rather devious and resourceful (as I was at that age :) ). My fear
> is some bright student setting a sniffer up on my network and gleaning
> passwords from it.
>
> I am wondering if any of you have had similar problems. What is a more
> secure way for people to login? Is SSL an option, and if so, how do I
> go about using it? Do I have to purchase a certificate? Or is there
> some other option? Finally, should I be using .htaccess at all, or is
> there a better way? Thank you in advance for your advice.
Another option would be to run switches instead of normal hub or bus
topology. Switches tend not to allow other nodes on a network to see
data that is passing over it. However, it will more than likely prove to
be a PITA to convince budget makers to allow the expense of the new
equipment.
Useless input, I know. But, I didn't see anyone else mention this. As a
side note, if your installation is new enough, switches may already be
in place, and you don't have much to worry about as far as stuff getting
sniffed off the network. That is, of course, if the network was designed
with that in mind.
-Will Wesley, CCNA
To make tax forms true they should read "Income Owed Us" and "Incommode
You".
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: