htaccess security

Discussion in 'HTML' started by chlori, Jan 10, 2005.

  1. chlori

    chlori Guest

    How secure is a .htaccess password protection really?

    Sometimes I read it's secure, sometimes I read it's not
    really secure (transmitted in clear text)...

    How easy is it to hack a directory protected with
    ..htaccess?

    --
    chlori
    chlori, Jan 10, 2005
    #1
    1. Advertising

  2. chlori wrote:
    > How secure is a .htaccess password protection really?


    Assuming that the passwords used are secure, and assuming that no new
    security holes are discovered in your server software, there's no way to
    just pull the passwords out of the sky. A cracker could try to intercept
    the packets carrying the password, but that's very hard: in addition to
    the knowledge required to pull it off, they would have to put a server
    in between your site's user and your server, which would be anything but
    easy. If you're protecting government secrets, you'll want to use
    something more secure, but HTTP basic authentication should be suitable
    for most needs.

    > How easy is it to hack a directory protected with .htaccess?


    Please don't use the word "hack" or "hacker" to refer to malicious acts
    or individuals breaking into computer systems. It's insulting to true
    hackers.
    Leif K-Brooks, Jan 10, 2005
    #2
    1. Advertising

  3. chlori

    Toby Inkster Guest

    chlori wrote:

    > How secure is a .htaccess password protection really?


    If you're using HTTPS then it's very secure. If you're not, but you're
    using Digest authentication then it's quite secure. If you're not using
    HTTPS and not using Digest authentication then it's vaguely secure.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me ~ http://tobyinkster.co.uk/contact
    Toby Inkster, Jan 10, 2005
    #3
  4. chlori

    chlori Guest

    Leif K-Brooks schrieb am 10.01.2005 17:24:
    > Assuming that the passwords used are secure, and assuming that no new
    > security holes are discovered in your server software, there's no way to
    > just pull the passwords out of the sky. A cracker could try to intercept
    > the packets carrying the password, but that's very hard: in addition to
    > the knowledge required to pull it off, they would have to put a server
    > in between your site's user and your server, which would be anything but
    > easy. If you're protecting government secrets, you'll want to use
    > something more secure, but HTTP basic authentication should be suitable
    > for most needs.


    Thanks for your answer. I think it's safe enough for my
    needs. The idea is just that each member has his own
    page where he can easily save notes online while
    working and access them from everywhere...

    >> How easy is it to hack a directory protected with .htaccess?

    >
    > Please don't use the word "hack" or "hacker" to refer to malicious acts
    > or individuals breaking into computer systems. It's insulting to true
    > hackers.


    Ok, that's news for me... So hackers are friendly,
    curious and have a lot of time - crackers are the bad
    guys making me buy a firewall etc?

    --
    chlori
    chlori, Jan 10, 2005
    #4
  5. chlori

    Jan Faerber Guest

    Jan Faerber, Jan 12, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Stoco

    .htaccess and perl cgi

    Stoco, Jan 12, 2004, in forum: Perl
    Replies:
    0
    Views:
    2,841
    Stoco
    Jan 12, 2004
  2. Steve

    servlet et .htaccess

    Steve, May 6, 2004, in forum: Java
    Replies:
    1
    Views:
    1,161
    Michael Scovetta
    May 6, 2004
  3. Replies:
    1
    Views:
    562
    Michael Wojcik
    May 28, 2005
  4. David Dorward
    Replies:
    2
    Views:
    1,689
    Art Sackett
    Jun 29, 2003
  5. joe

    detecting htaccess security

    joe, Oct 5, 2007, in forum: Javascript
    Replies:
    1
    Views:
    71
    Thomas 'PointedEars' Lahn
    Oct 5, 2007
Loading...

Share This Page