[lug] htpasswd security
Sean Reifschneider
jafo at tummy.com
Tue Mar 4 22:06:49 MST 2003
On Tue, Mar 04, 2003 at 09:11:39PM -0700, Timothy C. Klein wrote:
>How secure is this method of access? If I had ssh and a Unix machine at
>school, I would much rather use ssh, but as it stands it is damn
SSH is a high-profile target for getting trojaned so that it logs the
host/user/passwd you use to login.
HTTP basic auth is persistent within the browser sesion, so you'll want
to close the browser when you're done. Unless you're using SSL, it can
easily be sniffed. It depends on how secure you need it to be though...
I don't trust any machine but those that I know. This mechanism will
probably be fine for what you want to do.
Sean
--
I keep just enough vi knowledge in my head so that I can edit a Makefile
and build Emacs. -- Tony Foiani, 1999
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995. Qmail, Python, SysAdmin
More information about the LUG
mailing list