You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by John Clegg <cl...@attglobal.net> on 2003/05/14 00:08:24 UTC
[users@httpd] A question about how the user/password data is sent for .htaccess
Hi
I have a question about how the data is sent when the apache asks for a
username and password via a .htaccess configuration. Is the data sent via
plain text ?
Thanks
John Clegg
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] A question about how the user/password data is
sent for .htaccess
Posted by Joshua Slive <jo...@slive.ca>.
On Wed, 14 May 2003, John Clegg wrote:
> Hi
>
> I have a question about how the data is sent when the apache asks for a
> username and password via a .htaccess configuration. Is the data sent via
> plain text ?
Essentially, yes. I believe it is base64 encoded. Check the HTTP/1.1
spec for the details.
If you want something a little more secure, consider digest auth.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org