.htaccess and SSL

From: Evan D. Hoffman (evan@LinenPlace.com)
Date: 11/29/01


Message-ID: <5035058FAE68D4119D8B009027D0C16AB2C0@SERVER>
From: "Evan D. Hoffman" <evan@LinenPlace.com>
To: security-basics@securityfocus.com
Subject: .htaccess and SSL
Date: Thu, 29 Nov 2001 13:14:51 -0500

Recently there has been mention in the news about Google et al indexing
"sensitive" data. I was wondering what everyone thinks is the best way of
protecting such information. Currently I administer a site that uses the
Apache .htaccess file for authentication. All of the tools are HTTP based.
Since I started here I have moved all of the administration tools and other
sensitive information to https, but the authentication is still with Apache.

I am still relatively new to the intracacies of Apache and SSL. Is
.htaccess authentication over SSL (128 bit) an "acceptable" authentication
scheme? I assume the SSL connection is established before the
login/password are sent so they should be "safe".

TIA