Re: A more secure form of .htaccess?
Hallo Brane,
I'm actually a K-13 student, and so in my 'strategic'
position I'm on both sides, admin of debian box and 3v1l cracker :)
No, well.. I was just kidding, I have really better things to
do than actually cracking Debian boxes in pubblic environments,
but anyway I what do you think about using https for .htaccess
authentication ?
With https data will be encripted and it's impossible to
find out login and password because they're not sent over
the net in a clear way.
Consider using https.
Good work and protect your boxes !
- Ivo
On Thu, Apr 25, 2002 at 09:09:03PM -0600, Schusselig Brane wrote:
> Tom Dominico wrote:
> >
> > Hello all,
> >
> > I have written some php-based internal systems for our users. Users are
> > required to authenticate to access this system, and their login
> > determines what they are allowed to do within the system. I am
> > concerned that their logging in with cleartext passwords is a security
> > risk. I work in a K-12 school enviroment, and many of these students
> > are rather devious and resourceful (as I was at that age :) ). My fear
> > is some bright student setting a sniffer up on my network and gleaning
> > passwords from it.
> >
> > I am wondering if any of you have had similar problems. What is a more
> > secure way for people to login? Is SSL an option, and if so, how do I
> > go about using it? Do I have to purchase a certificate? Or is there
> > some other option? Finally, should I be using .htaccess at all, or is
> > there a better way? Thank you in advance for your advice.
>
> Another option would be to run switches instead of normal hub or bus
> topology. Switches tend not to allow other nodes on a network to see
> data that is passing over it. However, it will more than likely prove to
> be a PITA to convince budget makers to allow the expense of the new
> equipment.
>
> Useless input, I know. But, I didn't see anyone else mention this. As a
> side note, if your installation is new enough, switches may already be
> in place, and you don't have much to worry about as far as stuff getting
> sniffed off the network. That is, of course, if the network was designed
> with that in mind.
>
> -Will Wesley, CCNA
> To make tax forms true they should read "Income Owed Us" and "Incommode
> You".
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: