On Fri, 07 Aug 2009 14:08:27 -0400, Josh Gooding wrote:[...]
> No, my understanding is logins weren't encrypted unless SSL was used.
>
> Scott, I'm not a sysadmin, but does win2k3 server have something like
> iptables? That MIGHT be a little more helpful, I'll have to research it
> more, however, I still need to figure out how to drop SSL after the
> login screen. Let me do some more digging around the internet.
>
> The login password is encrypted with MD5 before checking the DB and
> stored in the DB as an MD5 hash, so with that being said, is SSL even
> necessary on the login to the software?
>
> Thank you again for all the responses and advice. It is highly
> appreciated.
>
> - Josh
>
I'm not sure I would block DNS on a Windows system, certainly
if it is doing anything else but being a server. But then
I would not use a Windows system for a server.
I suspect that what you want to do can be accomplished
with mod_ssl, mod_rewrite, <Directory> and <VirtualHost>.
I don't see my way right to it, but, for example,
    RewriteCond %{REMOTE_USER} !^.+$
    RewriteRule ^.*$ - [F]
or some such thing properly placed might be useful.
Detailed tutorials for these capabilities can be found on
the Apache web site. Some study would be required.
HTH.
Mike.
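
A sketch of the combination named above (mod_ssl, mod_rewrite, <Directory> and <VirtualHost>), added here as an example and not part of the original message: it sends a login area to HTTPS and refuses to serve it over plain HTTP. The hostname, the /login path, the document root and the certificate file names are assumed placeholders.

```apache
# Added example, not from the thread. Assumes mod_ssl and mod_rewrite are
# loaded and that the server listens on both 80 and 443.
# app.example.com, C:/www/app and /login are placeholders.

# Plain-HTTP vhost: the login form and its POST never stay on this port.
<VirtualHost *:80>
    ServerName app.example.com
    DocumentRoot "C:/www/app"

    RewriteEngine On
    # Redirect /login and anything beneath it to the HTTPS vhost.
    # The query string is carried over automatically.
    RewriteRule ^/login(/.*)?$ https://app.example.com/login$1 [R=301,L]
</VirtualHost>

# HTTPS vhost: same content, served over SSL/TLS.
<VirtualHost *:443>
    ServerName app.example.com
    DocumentRoot "C:/www/app"

    SSLEngine on
    # Relative paths are resolved against ServerRoot.
    SSLCertificateFile    "conf/ssl/server.crt"
    SSLCertificateKeyFile "conf/ssl/server.key"
</VirtualHost>

# Server-wide safety net: if the login directory is ever reached without
# SSL (for example after the redirect above is edited out), mod_ssl
# denies the request instead of serving the form in the clear.
<Directory "C:/www/app/login">
    SSLRequireSSL
</Directory>
```

Note that in virtual-host context mod_rewrite runs before authentication, so a condition on %{REMOTE_USER} placed there needs the look-ahead form %{LA-U:REMOTE_USER}; inside <Directory> or .htaccess the plain variable is available.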
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.