
Re: A more secure form of .htaccess?



Hallo Brane,

I'm actually a K-13 student, and so in my 'strategic'
position I'm on both sides, admin of debian box and 3v1l cracker :)

No, well.. I was just kidding, I have really better things to
do than actually cracking Debian boxes in public environments,
but anyway what do you think about using https for .htaccess
authentication?

With https data will be encrypted and it's impossible to
find out login and password because they're not sent over
the net in a clear way.

Consider using https.

Good work and protect your boxes!

 - Ivo

On Thu, Apr 25, 2002 at 09:09:03PM -0600, Schusselig Brane wrote:
> Tom Dominico wrote:
> > 
> > Hello all,
> > 
> > I have written some php-based internal systems for our users.  Users are
> > required to authenticate to access this system, and their login
> > determines what they are allowed to do within the system.  I am
> > concerned that their logging in with cleartext passwords is a security
> > risk.  I work in a K-12 school environment, and many of these students
> > are rather devious and resourceful (as I was at that age :) ).  My fear
> > is some bright student setting a sniffer up on my network and gleaning
> > passwords from it.
> > 
> > I am wondering if any of you have had similar problems.  What is a more
> > secure way for people to login?  Is SSL an option, and if so, how do I
> > go about using it?  Do I have to purchase a certificate?  Or is there
> > some other option?  Finally, should I be using .htaccess at all, or is
> > there a better way?  Thank you in advance for your advice.
> 
> Another option would be to run switches instead of normal hub or bus
> topology. Switches tend not to allow other nodes on a network to see
> data that is passing over it. However, it will more than likely prove to
> be a PITA to convince budget makers to allow the expense of the new
> equipment.
> 
> Useless input, I know. But, I didn't see anyone else mention this. As a
> side note, if your installation is new enough, switches may already be
> in place, and you don't have much to worry about as far as stuff getting
> sniffed off the network. That is, of course, if the network was designed
> with that in mind.
> 
> -Will Wesley, CCNA
> To make tax forms true they should read "Income Owed Us" and "Incommode
> You".
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
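An added illustration, not part of the original thread: why `.htaccess` Basic authentication over plain HTTP is readable to anyone who can see the traffic, and a check that a `.htaccess` file refuses non-TLS requests. The sample header, file contents, path and function names are constructed for this example; `SSLRequireSSL` is the mod_ssl directive that denies requests not made over HTTPS.

```python
import base64
import re

# Constructed sample: the header a browser sends for user "teacher", password "s3cret".
SAMPLE_HEADER = "Authorization: Basic " + base64.b64encode(b"teacher:s3cret").decode()

# Constructed .htaccess contents: the weak form and the same file requiring TLS.
WEAK = 'AuthType Basic\nAuthName "Staff"\nAuthUserFile /path/to/htpasswd.example\nRequire valid-user\n'
HARDENED = "SSLRequireSSL\n" + WEAK


def decode_basic(header_line):
    """Return (user, password) carried by a Basic Authorization header, or None.

    Basic auth only base64-encodes "user:password"; nothing is encrypted,
    so without TLS the header is as good as cleartext on the wire.
    """
    m = re.match(r"(?i)authorization:\s*basic\s+([A-Za-z0-9+/=]+)\s*$", header_line.strip())
    if not m:
        return None
    try:
        raw = base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # malformed base64
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep else None


def audit_htaccess(text):
    """Return findings for one .htaccess file: Basic auth that does not require TLS."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # directive name, then its arguments
        directives.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    findings = []
    uses_basic = any(v.strip().lower() == "basic" for v in directives.get("authtype", []))
    if uses_basic and "sslrequiressl" not in directives:
        findings.append("AuthType Basic without SSLRequireSSL: credentials cross the network base64-encoded only")
    return findings


if __name__ == "__main__":
    print("recoverable from plain HTTP:", decode_basic(SAMPLE_HEADER))
    print("weak file:", audit_htaccess(WEAK))
    print("hardened file:", audit_htaccess(HARDENED))
```

`SSLRequireSSL` in a `.htaccess` file only takes effect when mod_ssl is loaded and the server's `AllowOverride` setting permits `AuthConfig`.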

