SSL + .htaccess / when encryption begins

shawn modersohn · Mar 28, 2006

I have a Linux Apache server where the root of the docs directory is
password protected with Basic Authentication. The server is behind a
router that only forwards to the 443 port. My question is, would the
user name and password still be sent unencrypted in this manner? When I
request /index.html I get the generic encryption warnings, I accept the
certificate for the current session, and I am then prompted for a user
name and password. Is the connection encrypted the moment I accept the
certificate?

Benjamin Niemann · Mar 28, 2006

shawn said:
I have a Linux Apache server where the root of the docs directory is
password protected with Basic Authentication. The server is behind a
router that only forwards to the 443 port. My question is, would the
user name and password still be sent unencrypted in this manner? When I
request /index.html I get the generic encryption warnings, I accept the
certificate for the current session, and I am then prompted for a user
name and password. Is the connection encrypted the moment I accept the
certificate?

The certificate popup opens when the browser establishes the TCP connection,
before any actual data is send over this connection.
If you accept the cert, the browser sends the request over this encrypted
connection, so your password is save.

Read out .htaccess password	0	Aug 25, 2007
client ssl verification	0	Mar 15, 2012
Web.config Encryption	2	May 21, 2007
htaccess auth question	3	Jan 13, 2006
Disable SSL-encryption on a SSLSocket	3	Mar 8, 2005
Trying to get SSL with client cert to work within POE environment	2	Nov 22, 2012
SSL beginner	3	Sep 13, 2005
Data encryption ?	4	Apr 9, 2004

SSL + .htaccess / when encryption begins

shawn modersohn

Benjamin Niemann

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads