[vox-tech] htaccess and encrypted passwords
Peter Jay Salzman
p at dirac.org
Tue Mar 15 22:56:37 PST 2005
For the first time tonight, I started playing around with .htaccess to
protect files in a particular directory. The .htaccess file in question has
permissions of 644, and is:
AuthUserFile /etc/XXXXXXXXXXXXXXX
AuthGroupFile /dev/null
AuthName XXXXXXXXXX
AuthType Basic
<Limit GET POST PUT>
require user XXXXXX
</Limit>
Also, to protect the .htaccess file itself, I placed this in
/etc/apache/httpd.conf:
<Files .htaccess>
order allow,deny
deny from all
</Files>
I've read that it's possible to make this more secure than sending a
password uuencoded over the net. I've seen references to md5 protecting the
password, but the documents I read said that no browser supports this.
Is this true?
Any other way to make this reasonably more secure?
This is new territory for me...
Thanks,
Pete
--
Save Star Trek Enterprise from extinction: http://www.saveenterprise.com
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
More information about the vox-tech
mailing list