LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   .htaccess and clear-text password (http://www.linuxquestions.org/questions/linux-server-73/htaccess-and-clear-text-password-641592/)

noir911 05-12-2008 04:35 AM

.htaccess and clear-text password
 
I have a lot of .htaccess files pointing to LDAP for authentication. When users authenticate, their username and password fly clear-text on the network. Is there anyway to encrypt these passwords so when they fly on the network, the fly encrypted? I don't want to HTTPS the entire site or various different places I use .htaccess - that would require too much work in httpd.conf. I would rather do something on the .htaccess file if that's at all possible.

Any help on this would be much appreciated. Thanks.

b0uncer 05-12-2008 01:55 PM

Somebody other will very probably be able to give deeper answers, but searching the web gives sites like this:

askapache.com/htaccess/apache-ssl-in-htaccess-examples.html

Quoted from the above page:
Quote:

Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

Additional https/ssl information

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Is that what you're looking for (SSLRequireSSL)?

I'd say if you're running a server, altering a configuration file (httpd.conf) can't possibly be too much work, if it's about security :)


All times are GMT -5. The time now is 10:57 PM.