/prog/ - Digest authentication needed?

Name: Anonymous 2007-08-18 1:09 ID:zyZ/WtkP

- Running Lighttpd
- Using ssl (mod_ssl)
- Want to password protect a directory (mod_auth). Need very good security on this dir as i will mount my hd to it
- Since it's already over ssl, do I have to mess with digest authentication or is the password, etc. already encrypted because of the ssl?

Name: Anonymous 2007-08-18 1:13 ID:Heaven

Dude, it's fucking SSL! Fucking SECURE sockets! You know you want this shit.

Name: Anonymous 2007-08-18 1:21 ID:zyZ/WtkP

>>2
I HAVE the SSL. Duh.

What I am asking is lets say you have a password protected HTTP page. Without SSL the password is sent plaintext unless you use digest auth. With SSL, isn't the password sent crypted? So then, I can use plan auth and not digest auth.

But digest auth isn't hard to setup. I was just wondering.

Name: Anonymous 2007-08-18 1:35 ID:psLz/VsA

Digest auth is also very weak. Do not use it on its own.

SSL works between HTTP and TCP, so you can use whatever HTTP authentication you want securely.

Name: Anonymous 2007-08-18 1:38 ID:zyZ/WtkP

Both would be best then. Gotcha. Thank you :)

Name: Anonymous 2007-08-18 4:49 ID:psLz/VsA

>>5
Not really. Using SSL with plain auth is sufficient. If they break through SSL, they won't even notice digest.

If you feel like using digest as well, go for it, but it's not buying you any additional security. SSL is what's critical.

Name: Anonymous 2007-08-18 16:39 ID:zyZ/WtkP

Thanks guys.

Name: Anonymous 2007-08-18 16:45 ID:tLm5nG2O

Use a client certificate instead

Name: Anonymous 2007-08-18 17:48 ID:X7KCV4v1

Use a VPN instead

Name: Anonymous 2007-08-18 18:02 ID:Heaven

Use regular expressions.

Name: Anonymous 2007-08-18 18:25 ID:E96vLHS8

^{_{JEWS DID KFC}}

Name: Anonymous 2007-08-18 20:38 ID:YIzfrTkC

I recommend Digest::MD5 for all encryption needs.

Name: Anonymous 2007-08-19 3:21 ID:CN7iTotH

use ssh instead

Name: Anonymous 2009-03-06 5:52

Want to do it myself or anything like that lol?

Name: Trollbot9000 2009-07-01 9:01

Authentication or is the SAME FUCKING PERSON.

Name: Anonymous 2009-07-01 9:02

>>11
Jews did RSA.

Digest authentication needed?

1 Name: Anonymous 2007-08-18 1:09 ID:zyZ/WtkP

2 Name: Anonymous 2007-08-18 1:13 ID:Heaven

3 Name: Anonymous 2007-08-18 1:21 ID:zyZ/WtkP

4 Name: Anonymous 2007-08-18 1:35 ID:psLz/VsA

5 Name: Anonymous 2007-08-18 1:38 ID:zyZ/WtkP

6 Name: Anonymous 2007-08-18 4:49 ID:psLz/VsA

7 Name: Anonymous 2007-08-18 16:39 ID:zyZ/WtkP

8 Name: Anonymous 2007-08-18 16:45 ID:tLm5nG2O

9 Name: Anonymous 2007-08-18 17:48 ID:X7KCV4v1

10 Name: Anonymous 2007-08-18 18:02 ID:Heaven

11 Name: Anonymous 2007-08-18 18:25 ID:E96vLHS8

12 Name: Anonymous 2007-08-18 20:38 ID:YIzfrTkC

13 Name: Anonymous 2007-08-19 3:21 ID:CN7iTotH

14 Name: Anonymous 2009-03-06 5:52

15 Name: Trollbot9000 2009-07-01 9:01

16 Name: Anonymous 2009-07-01 9:02