LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 05-12-2008, 04:35 AM   #1
noir911
Member
 
Registered: Apr 2004
Location: Baltimore, MD
Posts: 681

Rep: Reputation: Disabled
.htaccess and clear-text password


I have a lot of .htaccess files pointing to LDAP for authentication. When users authenticate, their username and password fly clear-text on the network. Is there anyway to encrypt these passwords so when they fly on the network, the fly encrypted? I don't want to HTTPS the entire site or various different places I use .htaccess - that would require too much work in httpd.conf. I would rather do something on the .htaccess file if that's at all possible.

Any help on this would be much appreciated. Thanks.
 
Old 05-12-2008, 01:55 PM   #2
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Somebody other will very probably be able to give deeper answers, but searching the web gives sites like this:

askapache.com/htaccess/apache-ssl-in-htaccess-examples.html

Quoted from the above page:
Quote:
Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

Additional https/ssl information

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Is that what you're looking for (SSLRequireSSL)?

I'd say if you're running a server, altering a configuration file (httpd.conf) can't possibly be too much work, if it's about security
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't clear CMOS Password adamis Linux - Hardware 3 10-27-2006 02:08 PM
Passwords sent in clear text? Synesthesia Linux - Security 4 08-19-2006 11:35 AM
.htaccess and password protect comptech520 Linux - General 1 06-12-2006 11:45 AM
phpldapadmin & clear text cookies [GOD]Anck Linux - Security 4 01-31-2005 08:41 AM
If you use secure IMAP, does your password go clear text? cryptosporidium Linux - Security 1 03-25-2004 03:11 AM


All times are GMT -5. The time now is 02:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration