Actually, I am planning on having a fully https:// site. But, I still want to restrict certain reports directories. So, let me see if I understand... Once I am connected via SSL, then the password sent (after getting the lock icon on the bottom) will also be encrypted?
-----Original Message----- From: Peter Viertel [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 1:04 PM To: [EMAIL PROTECTED] Subject: Re: Password protected access Sure, If you're going to use the default http auth mechanism, then use SSL. if the URL is https:// something then it's all encrypted. (ok, unless you do something really odd with the server config). Note that the 'password window' is something your browser displays - once it's got the password it will usually post that password in a header in every subsequent request to the same domain name. If you're not planning on using SSL (one would then ask why you posted the question to modssl-users....) then consider using mod_auth_digest. Potts, Ross A. wrote: >Is there a way to encrypt the login window That I get when I want to reach >restricted areas? I have the password file setup and can log in, but I >understand that the password is sent in plaintext. I didn't see much in the >way of documentation about this. >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
