.htaccess and SSLFrom: Evan D. Hoffman (evan@LinenPlace.com)
- Previous message: Graepel, Mark D - CNF: "RE: Safeweb.com no more free !!!!!!!!!! AGAIN"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <5035058FAE68D4119D8B009027D0C16AB2C0@SERVER> From: "Evan D. Hoffman" <evan@LinenPlace.com> To: firstname.lastname@example.org Subject: .htaccess and SSL Date: Thu, 29 Nov 2001 13:14:51 -0500
Recently there has been mention in the news about Google et al indexing
"sensitive" data. I was wondering what everyone thinks is the best way of
protecting such information. Currently I administer a site that uses the
Apache .htaccess file for authentication. All of the tools are HTTP based.
Since I started here I have moved all of the administration tools and other
sensitive information to https, but the authentication is still with Apache.
I am still relatively new to the intracacies of Apache and SSL. Is
.htaccess authentication over SSL (128 bit) an "acceptable" authentication
scheme? I assume the SSL connection is established before the
login/password are sent so they should be "safe".