[NBLUG/talk] [WLUG] web logons

Sean seanvanco at gmail.com
Mon Jan 28 08:15:42 PST 2008


At the risk of sounding obvious, I wanted to point out that while that
works quite well, it will send any logins to your server in the clear.
If you want to keep your passwords secure/encrypted, you might want to
generate (or purchase if you want it to look official) an SSL cert and
use https. As I recall you can also use the .htaccess file to force
https for that URL if someone tries to connect without https.

Here's some documentation from Apache on how to do this yourself
(works fine, but for those knowing what to look for it's obvious that
you generated it), but you might want to look into generating a CSR if
you want to buy a signed SSL cert from a Certificate Authority to make
it look official.

http://linuxpoison.blogspot.com/2007/10/howto-create-self-signed-ssl.html
(not sure if this is the best HowTo, but it's the best one I could
find in a few minutes)

Hope this helps!


Sean
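
Added example (not part of Sean's message or the linked HowTo): an .htaccess that refuses plain-HTTP requests before Apache asks for a password, assuming the login is HTTP Basic auth configured in the same file. The host name, directory and AuthUserFile path are placeholders, and it assumes mod_ssl is loaded and AllowOverride permits AuthConfig, Options and FileInfo.

```apache
# .htaccess for the protected directory
# (placeholder location: /private/ on www.example.com)

# Deny any request that did not arrive over SSL/TLS. mod_ssl evaluates this
# in the access-check phase, which runs before the Basic auth challenge, so
# a browser on http:// is never prompted for a password and never sends one
# in the clear.
SSLRequireSSL

# Keep that denial final even if a "Satisfy Any" is in effect for this
# directory (without StrictRequire, a passing auth check could override it).
SSLOptions +StrictRequire

# Turn the resulting 403 into a redirect to the https:// URL, so a visitor
# who typed http:// lands on the encrypted login instead of an error page.
# This applies to every 403 raised in this directory, so keep other deny
# rules out of this file to avoid a redirect loop over https.
ErrorDocument 403 https://www.example.com/private/

# Basic auth. The password file path is a placeholder; keep the real file
# outside the document root.
AuthType Basic
AuthName "Private area"
AuthUserFile /placeholder/path/outside/docroot/.htpasswd
Require valid-user
```

A mod_rewrite redirect in the same .htaccess does not give the same protection: per-directory rewrite rules run after authentication, so the password prompt would still go out over plain HTTP first.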


