[EMAIL PROTECTED] wrote:
Ed Loehr wrote:
Is a basic authentication password, entered via a connection to an
https/SSL server, encrypted or plain text across the wire?
Encrypted - but that question really doesn't belong here.
It has nothing to do with modperl.
Yes, some of your
From: [EMAIL PROTECTED]
Date: Sun, 06 Feb 2000 11:11:37 +0100
Subject: RE: does ssl encrypt basic auth?
To: [EMAIL PROTECTED]
Ed Loehr wrote:
Is a basic authentication password, entered via a connection to an
https/SSL server, encrypted or plain text across the wire?
Encrypted
David McCabe wrote:
Yes, it is off-topic, but I am replying anyway, because you are slightly wrong. :)
If the first connection to a web site causes the authentication to be activated, the
password is _NOT_ encrypted. A successfull connection has to be established with a
secure web site
From: "Jeffrey W. Baker" [EMAIL PROTECTED]
Date: Sun, 06 Feb 2000 09:55:06 -0800
Subject: Re: does ssl encrypt basic auth?
Do you have some documentation on that? I say you are smoking crack.
When I set up my first secure site four years ago, the bank involved, (a major nat
David McCabe wrote:
If the first connection to a web site causes the
authentication to be activated, the
password is _NOT_ encrypted. A successfull connection has to
be established with a
secure web site before the encryption is turned on.
You've got something completely wrong here. The
In article [EMAIL PROTECTED] you wrote:
David McCabe wrote:
[...]
SSL traffic is encrypted before the first HTTP byte goes over the wire.
Yes, exactly.
(At least as long as the NULL cipher is not used ;)
Ralf S. Engelschall