> From: [EMAIL PROTECTED]
> Date: Sun, 06 Feb 2000 11:11:37 +0100
> Subject: RE: does ssl encrypt basic auth?
> To: [EMAIL PROTECTED]
>
> Ed Loehr wrote:
> >
> > Is a basic authentication password, entered via a connection to an
> > https/SSL server, encrypted or plain text across the wire?
> >
> Encrypted - but that question really doesn't belong here.
> It has nothing to do with modperl.
Yes, it is off-topic, but I am replying anyway, because you are slightly wrong. :)
If the first connection to a web site causes the authentication to be activated, the
password is _NOT_ encrypted. A successfull connection has to be established with a
secure web site before the encryption is turned on. After the first connection, every
other connection is then encrypted. The best way to ensure the password is encrypted
is to have one unprotected page to go to, with links to the protected parts. Client
connects to that page, encryption is on. Click on a link to a protected area,
authentication goes on, but everything is now encrypted, including username/password
given for authentication.
David McCabe Unix SysAdmin/Peon
Le Groupe Videotron [EMAIL PROTECTED] (514) 380 4433
Who were the beta testers for Preparations A through G?
