You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by John Clegg <cl...@attglobal.net> on 2003/05/14 00:08:24 UTC

[users@httpd] A question about how the user/password data is sent for .htaccess

Hi

I have a question about how the data is sent when the apache asks for a
username and password via a .htaccess configuration. Is the data sent via
plain text ?

Thanks

John Clegg





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] A question about how the user/password data is sent for .htaccess

Posted by Joshua Slive <jo...@slive.ca>.

On Wed, 14 May 2003, John Clegg wrote:

> Hi
>
> I have a question about how the data is sent when the apache asks for a
> username and password via a .htaccess configuration. Is the data sent via
> plain text ?

Essentially, yes.  I believe it is base64 encoded.  Check the HTTP/1.1
spec for the details.

If you want something a little more secure, consider digest auth.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org