Hi everybody.We have a really complex issue and we aren't able to imagine how could it be solved. We hope that maybe some Apache expert will give us some ideas. Please, if this is not the correct list, tell me where should I send this email.
We have a Drupal 6 installation which serves video (Flash & HTML5) working over Apache 2.2.15 in CentOS 6. We want all passwords to be sent encrypted in this platform.
Configuring a full SSL Apache is not a good solution, because there are huge videos uploaded and encrypting them would have a great impact in the performance.
Protecting Drupal's login is quite simple. There is a module that protects only the login module, so this solution is perfect for us.
However, with some specially sensible videos we also have an extra protection. We set an htaccess with mod_authn_dbd linked with Drupal database, so direct access to these resources URLs is protected with the same user & password used in Drupal.
Is this validation which we are stuck with. If we set AuthType Basic, passwords are sent in plain text. If we set Digest, it doesn't work because Digest needs a fixed format (User:Realm:Password in MD5) and Drupal passwords are different (just password in MD5).
Apache httpd.conf allows to serve some resources through port 80 and another ones through 443, but the resource to protect must be served through port 80, so htaccess is also sent through it.
We are really blocked here. Please, could somebody give us any advice? Many thanks in advance. -- Daniel Merino Echeverría daniel.merino@xxxxxxxxxxx Gestor de teleformación - Centro Superior de Innovación Educativa. Tfno: 948-168489 - Universidad Pública de Navarra. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx