[vox-tech] htaccess and encrypted passwords
Ryan
cjg5ehir02 at sneakemail.com
Wed Mar 16 00:56:43 PST 2005
On Tuesday 15 March 2005 10:56 pm, p-at-dirac.org (Peter Jay Salzman) |lugod|
> I've read that it's possible to make this more secure than sending a
> password uuencoded over the net. I've seen references to md5 protecting
> the password, but the documents I read said that no browser supports this.
> Is this true?
It is supported by most browsers.
"Note: Digest authentication is more secure than Basic authentication, but
only works with supporting browsers. As of September 2004, major browsers
that support digest authentication include Amaya, Konqueror, MS Internet
Explorer for Mac OS X and Windows (although the Windows version fails when
used with a query string -- see "Working with MS Internet Explorer" below for
a workaround), Mozilla, Netscape 7, Opera, and Safari. lynx does not
support digest authentication. Since digest authentication is not as widely
implemented as basic authentication, you should use it only in environments
where all users will have supporting browsers."
http://httpd.apache.org/docs/mod/mod_auth_digest.html
--
Ryan Castellucci - http://ryanc.org/
GPG Key: http://ryanc.org/files/publickey.asc
More information about the vox-tech
mailing list