[lug] htpasswd security

Timothy C. Klein teece at silverklein.net
Wed Mar 5 13:15:11 MST 2003


* Nate Duehr (nate at natetech.com) wrote:
> > Nah, this machine has only my stuff on it.  A vanity web page that gets
> > hits from me, as it has ssh java app from mindterm.
> 
> Uhh, this just dawned on me...
> 
> Tim, are you saying...
> 
> http (no encryption) ---> SSH app (encryption) --> to another machine?
> Is that what you're saying is on that webpage?

That isn't how mindterm works. It actually used http only to transfer
the java app to the remote machine. Once it does that, mindterm does
either a new connection back to my machine and encrypts that, or it
encrypts data sent over http on its own. It obviates the need for any
https. I learned all this when trying to use it through a firewall --
major pain!

> If that's the case, you need to enable SSL to the webpage.  Since it's
> Debian, definitely just type:
> 
> apt-get update; apt-get install apache-ssl

I did this, apache-ssl works out of the box.  libapache-mod-ssl was
giving me a headache crashing apache.

> Answer all the questions during the installation.
> Then use https:// instead of http:// to get to your site.
> 
> You'll be all set up with a self-signed cert that works fine other than the
> browser warnings.

Trouble is, the machines I always use at school (Mac OS9, IE 5),
gives no warnings about the certificate, it just jays it is invalid.
Hmm, it worked at home...

> Purrrrty simple.  (GRIN)
> 
> Nate Duehr, nate at natetech.com
> 
--
==============================================
==  Timothy Klein || teece at silverklein.net  ==
==  http://i148.denver.dsl.forethought.net  ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================



More information about the LUG mailing list