On Dec 16, 2007 1:06 PM, Bryan Richardson <btricha@xxxxxxxxx> wrote:
> Joshua,
>
> Thanks for responding. I had planned on looking into AuthDigest anyway, so
> I'll go ahead and do that. If I end up using AuthDigest, would it then make
> sense to only use SSL when actually logging in?
>
No, digest auth works the same way as basic except that it is much
more difficult to sniff the password on the wire. So you can often get
away without using SSL at all if you use digest.
> Also, just for sake of knowledge, how should I go about adding a Rewrite to
> my SSL host to redirect me to the non-SSL host once I've logged in?
It's essentially the exact opposite of the rewrite for the non-SSL
host (except you don't need the RewriteCond in either case, since the
port is already fixed in the vhost).
RewriteRule !trac/[^/]+/login$ http://%{SERVER_NAME}%{REQUEST_URI} [L,R]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|