[ale] Question

Jim Popovitch yahoo at jimpop.com
Fri Mar 7 21:10:02 EST 2008


On Fri, Mar 7, 2008 at 7:59 PM, James Sumners <james.sumners at gmail.com> wrote:
> That depends on the connection type: http or https. If it is http,
>  then the user sends the plain text password ("Irishboy"). If it is
>  https, then the transaction should be ecrypted point-to-point.

One additional point, with Apache 2.x you use htdigest instead of
htpasswd you can get better MD5 authentication. (yes, it's still
listed as experimental, but it sure beets passing near plaintext
around)
See: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html


-Jim P.


More information about the Ale mailing list