Re: Securing Apache directory

Alex Lavrov. · ‎08-24-2005

Hello,

I have several pages in apache that I want to secure with user and password. Securing it with basic authentication in Apache is not enough.

Can you please suggest a good and relatively not very complicated ways to do it? Also, link to how-to guide will be more than appriciated :)

Alex.

I don't give a damn for a man that can only spell a word one way. (M. Twain)

Vibhor Kumar Agarwal · ‎08-24-2005

Try the crypt command.

Vibhor Kumar Agarwal

Robert Fritz · ‎08-26-2005

Note that Unix crypt is a poor encryption scheme.

I'd suggest HTTPS, using client and server side certificate checking vs. basic_auth (which is the native username/password scheme). HTTPS has been done a lot, so there are plenty of examples / libraries out there to help.

Alternatively, if you really want to use user/pass, you could *not* check the client cert (still checking server cert to avoid man-in-the middle), and then use basic auth over HTTPS.

Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Securing Apache directory

Securing Apache directory

Re: Securing Apache directory

Re: Securing Apache directory