.htaccess and SSL

From: Evan D. Hoffman (evan@LinenPlace.com)
Date: 11/29/01


Message-ID: <5035058FAE68D4119D8B009027D0C16AB2C0@SERVER>
From: "Evan D. Hoffman" <evan@LinenPlace.com>
To: security-basics@securityfocus.com
Subject: .htaccess and SSL
Date: Thu, 29 Nov 2001 13:14:51 -0500

Recently there has been mention in the news about Google et al indexing
"sensitive" data. I was wondering what everyone thinks is the best way of
protecting such information. Currently I administer a site that uses the
Apache .htaccess file for authentication. All of the tools are HTTP based.
Since I started here I have moved all of the administration tools and other
sensitive information to https, but the authentication is still with Apache.

I am still relatively new to the intracacies of Apache and SSL. Is
.htaccess authentication over SSL (128 bit) an "acceptable" authentication
scheme? I assume the SSL connection is established before the
login/password are sent so they should be "safe".

TIA



Relevant Pages

  • Re: .htaccess and SSL
    ... authentication is done through SSL, ... Make sure that .htaccess files are non-retrievable (but still readable ... but the authentication is still with Apache. ...
    (Security-Basics)
  • RE: php4
    ... Mod_php4 only gets loaded if you define SSL. ... Of course I restarted apache after the install... ... # Based upon the NCSA server configuration files originally by Rob McCool. ... Not all browsers support this. ...
    (freebsd-newbies)
  • RE: php4
    ... Mod_php4 only gets loaded if you define SSL. ... Of course I restarted apache after the install... ... # Based upon the NCSA server configuration files originally by Rob McCool. ... Not all browsers support this. ...
    (freebsd-questions)
  • Re: Mixed Mode Authentication in .net 2.0
    ... There are two parts to SSL, which is why this can be confusing. ... encryption and authentication of the server. ... ADFS supports a component called the federation service proxy which is ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Search not working
    ... Management>Authentication Providers>Edit Authentication, does not provide the ... ability to indicate whether the web application is using SSL or not. ... I changed IIS Authentication for the web site back to Integrated ... I have installed an SSL certificate and required SSL ...
    (microsoft.public.sharepoint.windowsservices)