Hi everybody.
We have a really complex issue and we aren't able to imagine how could
it be solved. We hope that maybe some Apache expert will give us some
ideas. Please, if this is not the correct list, tell me where should I
send this email.
We have a Drupal 6 installation which serves video (Flash & HTML5)
working over Apache 2.2.15 in CentOS 6. We want all passwords to be sent
encrypted in this platform.
Configuring a full SSL Apache is not a good solution, because there are
huge videos uploaded and encrypting them would have a great impact in
the performance.
Protecting Drupal's login is quite simple. There is a module that
protects only the login module, so this solution is perfect for us.
However, with some specially sensible videos we also have an extra
protection. We set an htaccess with mod_authn_dbd linked with Drupal
database, so direct access to these resources URLs is protected with the
same user & password used in Drupal.
Is this validation which we are stuck with. If we set AuthType Basic,
passwords are sent in plain text. If we set Digest, it doesn't work
because Digest needs a fixed format (User:Realm:Password in MD5) and
Drupal passwords are different (just password in MD5).
Apache httpd.conf allows to serve some resources through port 80 and
another ones through 443, but the resource to protect must be served
through port 80, so htaccess is also sent through it.
We are really blocked here. Please, could somebody give us any advice?
Many thanks in advance.
--
Daniel Merino Echeverría
daniel.mer...@unavarra.es
Gestor de teleformación - Centro Superior de Innovación Educativa.
Tfno: 948-168489 - Universidad Pública de Navarra.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
