Topic: How secure is the user-id dialog? Pages that link to <a href="https://ozoneasylum.com/backlink?for=9686" title="Pages that link to Topic: How secure is the user-id dialog?" rel="nofollow" >Topic: How secure is the user-id dialog?\

 
Author Thread
hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana, USA
Insane since: Aug 2000

IP logged posted posted 09-30-2003 21:15 Edit Quote

I was having a discussion with a friend about the user-id/password box that pops up on some web pages and I said I had heard some time ago that these boxes are as secure as you would need to protect a site or a page. He said he thought they had been hacked in the last couple of years and you need extra security measures to make sure unauthorized people don't get into the site.

Does anyone know how secure the user-id/password dialog provided by .htaccess is?

-- not necessarily stoned... just beautiful.

Slime
Lunatic (VI) Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

IP logged posted posted 09-30-2003 22:09 Edit Quote

Over a secure connection, they're as secure as anything. Without a secure connection, even though the password is encrypted on the server, one could intercept someone's login on the way to the server and determine what their password is.

Hiroki
Paranoid (IV) Inmate

From: NZ
Insane since: Dec 2002

IP logged posted posted 10-01-2003 12:36 Edit Quote

Is that something like https or those kind of things, Slime?

Hiroki Kozai

hyperbole
Paranoid (IV) Inmate

From: Madison, Indiana, USA
Insane since: Aug 2000

IP logged posted posted 10-02-2003 17:28 Edit Quote

Yes Hiroki,

He's refering to accessing the page through SSL. These pages usually use the .shtml extension.

Thanks Slime. Do you have any idea the encryption size used by apache for the passwords?




-- not necessarily stoned... just beautiful.

Slime
Lunatic (VI) Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

IP logged posted posted 10-02-2003 19:22 Edit Quote

Yeah, I was referring to https. (.shtml doesn't actually have anything to do with security; it usually has to do with SSI includes on the server.)

I'm not sure what the encryption size is. If you need more information, you should search google for something like "htpasswd".



Post Reply
 
Your User Name:
Your Password:
Login Options:
 
Your Text:
Loading...
Options:


« BackwardsOnwards »

Show Forum Drop Down Menu