[users@httpd] httpd authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] httpd authentication
From: Matthew Hersant <matt_hersant@xxxxxxxxx>
Date: Thu, 1 Jun 2006 12:44:13 -0700 (PDT)
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxx
Delivered-to: apmail-httpd-users-archive@xxxxxxxxxxxxxxxx
Delivered-to: mailing list users@xxxxxxxxxxxxxxxx
Mailing-list: contact users-help@xxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: users@xxxxxxxxxxxxxxxx

A question regarding httpd authentication.   Currently I am using the default base64 method, which I believe is  insecure.  Also only the first 8 characters of our passwords are  actually encrypted.  We have several scripts which verify  passwords from the htpassword file.  Mostly using the perl pack  function.  I've also read about htdigest (md5), but have heard  this has security holes too.  The question is: I'd like to upgrade  our password security.  i.e. having more characters encrypted and  use a stronger digest for the encryption.  I would also like to  stick with an apache-based authentication method.  Can someone  offer some suggestions?

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Follow-Ups:
- Re: [users@httpd] httpd authentication
  - From: Mark H. Wood
- Re: [users@httpd] httpd authentication
  - From: William A. Rowe, Jr.

Prev by Date: Re: [users@httpd] Apache not sending page content
Next by Date: [users@httpd] Https connection intterupted in Mozilla Browsers
Previous by thread: [users@httpd] Apache 2.2: No groups file?
Next by thread: Re: [users@httpd] httpd authentication
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]