Re: Altering httpd.conf file for authentication

From: kracker <thekracker@gmail.com>
Date: Sun Jul 30 2006 - 13:44:30 AKDT

Once you get a working setup of basic authentication,
these days; until apache.org addresses these authentication issues ...

Don't people first only do (apache) authentication using ssl
exclusively (level 0),
and last I heard people would use AuthType Digest (level I),
Re: http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html
Digest apache configuration, use and user agent (cpu / platform
specific) compatibility are just a little different from Basic.

Sadly, and perhaps the reason people give up on using good httpd server
authentication practices could be attributed to what results in the
lack of larger (standards) organisations even trying to advance
multi-browser support/compatibility for advanced (modular)
authentication feature sets different authentication schemes. I hear
apache.org is starting to respond to these weak areas of apache but
... time will tell.

User authentication using Basic Authentication is plain text secure
and just recently (in slow waves of the break down of MD5), MD5 Digest
Authentication is now more vulnerable than ever but still safer than
basic but even better is to use digest+ssl+application.

Often people will still follow up with application authentication (level II).
Lastly, ensure that the user/key combinations are unique
between levels and full of entropy (level III).

eh...
//kracker

From: http://tinyurl.com/rok7v

One word of warning: HTTP Basic Auth passwords pass in very nearly
plain-text over the network, and thus are extremely insecure. If
you're worried about password snooping, it may be best to use some
sort of SSL encryption, so that clients authenticate via https://
instead of http://; at a bare minimum, you can configure Apache to use
a self-signed server certificate. [23] Consult Apache's documentation
(and OpenSSL documentation) about how to do that.

On 7/28/06, Tony <vze2jy85@yahoo.com> wrote:
> I am trying to set up a basic authentication login for
> entry to a website using Apache.
>
> Tony
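The "levels" above in httpd.conf form, as an added example that is not part of this post or of the Apache documentation: the weak Basic-over-http setup beside a Digest-only-over-SSL setup (Apache 2.0 directives, matching the mod_auth_digest page linked above). Directory paths, the realm name "Private Area", the hostname and the certificate locations are assumptions.

```apache
# Added example (not from the post or the Apache docs). Apache 2.0 syntax.
# Paths, realm name, hostname and certificate locations are assumptions.
# Note: httpd.conf does not allow comments after a directive on the same
# line, so every comment here is on its own line.

# --- Weak: Basic auth on plain http.
# The Authorization header carries user:password base64-encoded, which
# anyone on the network path can read back (the post's "level 0" point).
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Private Area"
    AuthUserFile "/etc/apache2/.htpasswd"
    Require valid-user
</Directory>

# --- Better: Digest auth, reachable only over SSL (level 0 + level I).
# With Digest the password itself never crosses the wire; the client
# answers a server nonce with an MD5-based response (mod_auth_digest).
# SSLRequireSSL rejects any request that did not arrive over the
# encrypted connection, so the exchange is never exposed on plain http.
# Requires mod_ssl and mod_auth_digest to be loaded.
<VirtualHost _default_:443>
    ServerName www.example.com
    SSLEngine on
    # assumed certificate paths; a self-signed cert works at a bare minimum
    SSLCertificateFile "/etc/apache2/ssl/server.crt"
    SSLCertificateKeyFile "/etc/apache2/ssl/server.key"

    <Directory "/var/www/html/private">
        SSLRequireSSL
        AuthType Digest
        # AuthName is the Digest realm; it must match the realm given to htdigest
        AuthName "Private Area"
        AuthDigestDomain /private/
        AuthDigestFile "/etc/apache2/.htdigest"
        Require valid-user
    </Directory>
</VirtualHost>
```

Create the digest file with `htdigest -c /etc/apache2/.htdigest "Private Area" alice` (the realm string must be identical to AuthName, or every login fails), then run `apachectl configtest` before reloading. The SSL layer does the real work here: Digest's MD5 response only keeps the cleartext password off the wire, which is exactly the weakness the post notes, while the TLS connection protects the whole exchange.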
Received on Sun Jul 30 13:44:53 2006

This archive was generated by hypermail 2.1.8 : Sun Jul 30 2006 - 13:44:53 AKDT