Passwd encryption


Post by Bahman Motame » Wed, 04 Apr 2001 06:11:07



Hello all,

I am using .htaccess, which is the passwd protection for dirs that my
hosting company uses. When a user is asked to type the passwd, from there
on anyone can snoop the passwd. I'd like to know if there is an
encrypter out there that I can use with .htaccess, or some other Perl or
CGI programs that encrypt the passwd over the internet.

Any input is appreciated.

 
 
 


Post by Kenneth P. Turv » Thu, 05 Apr 2001 06:28:44



>Hello all,

>I am using .htaccess, which is the passwd protection for dirs that my
>hosting company uses. When a user is asked to type the passwd, from there
>on anyone can snoop the passwd. I'd like to know if there is an
>encrypter out there that I can use with .htaccess, or some other Perl or
>CGI programs that encrypt the passwd over the internet.

A couple of quick notes...

You can't do what you want using CGI because the processing all takes
place on the server.  The password would still have to get to the server
using normal transport mechanisms.  

Really the most appropriate way to handle this would be to use a
different transport, https.  This provides the security you are looking
for and doesn't change any of the code.  

You could possibly do what you want using a challenge response system
implemented in Java on the client side, but this would provide less
security and be more work.

Just use a web server that implements SSL, the secure sockets layer.  

--

--------------------------------------------------------
  Every country has the government it deserves.
        -- Joseph de Maistre
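
The two options discussed in this thread, as an added example that is not part of either post: the first half shows why .htaccess Basic auth over plain HTTP is readable by anyone on the path (the header is only base64), and the second half is a toy challenge-response exchange of the kind the reply mentions. The class and function names, the HMAC-SHA256 construction and the user table are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def basic_auth_header(user, password):
    """Header a browser sends for Basic auth: base64 encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def recover_from_basic(header):
    """What any observer of a plain-HTTP request can do with that header."""
    _scheme, token = header.split(" ", 1)
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def client_response(password, nonce):
    """Client proves knowledge of the password without sending it."""
    return hmac.new(password.encode(), nonce.encode(), hashlib.sha256).hexdigest()


class ChallengeServer:
    """Toy server: issues one-time nonces and checks HMAC(password, nonce)."""

    def __init__(self, users):
        self.users = users        # constructed table: user -> shared secret
        self.outstanding = set()  # nonces issued but not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, nonce, response):
        if nonce not in self.outstanding:
            return False          # unknown or already-used nonce: replay rejected
        self.outstanding.discard(nonce)
        secret = self.users.get(user)
        if secret is None:
            return False
        return hmac.compare_digest(client_response(secret, nonce), response)


if __name__ == "__main__":
    print(recover_from_basic(basic_auth_header("alice", "s3cret")))  # constructed credentials
```

A captured nonce and response still let an observer test password guesses offline, and the protected pages themselves travel unencrypted, which is why the reply recommends HTTPS instead.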