noir911 05-12-2008 03:35 AM

.htaccess and clear-text password
I have a lot of .htaccess files pointing to LDAP for authentication. When users authenticate, their username and password fly clear-text on the network. Is there any way to encrypt these passwords so when they fly on the network, they fly encrypted? I don't want to HTTPS the entire site or various different places I use .htaccess - that would require too much work in httpd.conf. I would rather do something on the .htaccess file if that's at all possible.

Any help on this would be much appreciated. Thanks.

b0uncer 05-12-2008 12:55 PM

Somebody else will very probably be able to give deeper answers, but searching the web gives sites like this:

Quoted from the above page:

Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

Additional https/ssl information

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""
ErrorDocument 403

Is that what you're looking for (SSLRequireSSL)?

I'd say if you're running a server, altering a configuration file (httpd.conf) can't possibly be too much work, if it's about security :)
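With many .htaccess files in play, the SSLRequireSSL approach only helps if every directory that asks for a password actually carries it. The following Python script is an added example, not part of either post: it checks .htaccess text for Basic authentication without SSLRequireSSL, and for SSLRequireSSL without `SSLOptions +StrictRequire`. The sample file bodies, the LDAP URL and the finding names are constructed for illustration.

```python
import re

# Constructed sample .htaccess bodies (not from the thread); the LDAP URL is a placeholder.
WEAK = """\
AuthType Basic
AuthName "Staff"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap.example.invalid/ou=people,dc=example,dc=invalid?uid"
Require valid-user
"""
HARDENED = "SSLRequireSSL\nSSLOptions +StrictRequire\n" + WEAK


def directives(text):
    """Return [(lowercased_name, argument_string)] for each non-comment line."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        out.append((parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return out


def audit_htaccess(text):
    """Return a list of findings (hypothetical labels) for one .htaccess body."""
    d = directives(text)
    names = {name for name, _ in d}
    basic = any(n == "authtype" and a.lower() == "basic" for n, a in d)
    # "-StrictRequire" must not count as enabling the option.
    strict = any(n == "ssloptions" and re.search(r"(^|\s)\+?strictrequire\b", a, re.I)
                 for n, a in d)
    findings = []
    if basic and "sslrequiressl" not in names:
        # Basic auth sends the password base64-encoded, readable on plain HTTP.
        findings.append("basic-auth-without-SSLRequireSSL")
    if "sslrequiressl" in names and not strict:
        # Without StrictRequire, "Satisfy any" can override the SSL denial.
        findings.append("SSLRequireSSL-without-StrictRequire")
    return findings


if __name__ == "__main__":
    for label, body in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_htaccess(body) or "ok")
```

SSLRequireSSL only refuses requests that did not arrive over HTTPS; the HTTPS listener and certificate still have to be set up in the server configuration.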

