On Dec 16, 2007 1:06 PM, Bryan Richardson <[EMAIL PROTECTED]> wrote: > Joshua, > > Thanks for responding. I had planned on looking into AuthDigest anyway, so > I'll go ahead and do that. If I end up using AuthDigest, would it then make > sense to only use SSL when actually logging in? >
No, digest auth works the same way as basic except that it is much more difficult to sniff the password on the wire. So you can often get away without using SSL at all if you use digest. > Also, just for sake of knowledge, how should I go about adding a Rewrite to > my SSL host to redirect me to the non-SSL host once I've logged in? It's essentially the exact opposite of the rewrite for the non-SSL host (except you don't need the RewriteCond in either case, since the port is already fixed in the vhost). RewriteRule !trac/[^/]+/login$ http://%{SERVER_NAME}%{REQUEST_URI} [L,R] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
