Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 05-12-2008, 03:35 AM   #1
Registered: Apr 2004
Posts: 682

Rep: Reputation: Disabled
.htaccess and clear-text password

I have a lot of .htaccess files pointing to LDAP for authentication. When users authenticate, their username and password fly clear-text on the network. Is there anyway to encrypt these passwords so when they fly on the network, the fly encrypted? I don't want to HTTPS the entire site or various different places I use .htaccess - that would require too much work in httpd.conf. I would rather do something on the .htaccess file if that's at all possible.

Any help on this would be much appreciated. Thanks.
Old 05-12-2008, 12:55 PM   #2
LQ Guru
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
Somebody other will very probably be able to give deeper answers, but searching the web gives sites like this:

Quoted from the above page:
Fixing double-login problem and making sure authorization usernames/passwords are not sent in cleartext unencrypted.

Additional https/ssl information

SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq ""
ErrorDocument 403
Is that what you're looking for (SSLRequireSSL)?

I'd say if you're running a server, altering a configuration file (httpd.conf) can't possibly be too much work, if it's about security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't clear CMOS Password adamis Linux - Hardware 3 10-27-2006 01:08 PM
Passwords sent in clear text? Synesthesia Linux - Security 4 08-19-2006 10:35 AM
.htaccess and password protect comptech520 Linux - General 1 06-12-2006 10:45 AM
phpldapadmin & clear text cookies [GOD]Anck Linux - Security 4 01-31-2005 07:41 AM
If you use secure IMAP, does your password go clear text? cryptosporidium Linux - Security 1 03-25-2004 02:11 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:35 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration