* Boyle Owen <Owen.Boyle@xxxxxxx> [0523 12:23]: > > -----Original Message----- > > From: K Anand [mailto:kanand@xxxxxxxxxxxxxx] > > Sent: Donnerstag, 12. Mai 2005 10:46 > > To: users@xxxxxxxxxxxxxxxx > > Subject: Re: [users@httpd] Basic Authentication question > > > > > > Thanx...I used ethereal to see the flow of data between browser and > > server...one point though...I was able to see my password in > > clear text in > > ethereal. So it is possible that it could be open to the public ?? > > Of course. What made you think it might be secure? > > If you want to hide the PW, you have to use HTTPS. However, be aware that Basic authentication is not very secure anyway (see http://httpd.apache.org/docs/howto/auth.html#basiccaveat) You make it sound as though it's still a problem over SSL - is that what you mean? -- 'My life, and by extension everyone else's, is meaningless.' -- Bender Rasputin :: Jack of All Trades - Master of Nuns --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|