Recently there has been mention in the news about Google et al indexing "sensitive" data. I was wondering what everyone thinks is the best way of protecting such information. Currently I administer a site that uses the Apache .htaccess file for authentication. All of the tools are HTTP based. Since I started here I have moved all of the administration tools and other sensitive information to https, but the authentication is still with Apache.
I am still relatively new to the intracacies of Apache and SSL. Is .htaccess authentication over SSL (128 bit) an "acceptable" authentication scheme? I assume the SSL connection is established before the login/password are sent so they should be "safe". TIA
