[NBLUG/talk] [WLUG] web logons

Jack Smith jack.delbert at gmail.com
Mon Jan 28 08:24:47 PST 2008


On Jan 28, 2008 11:15 AM, Sean <seanvanco at gmail.com> wrote:

> At the risk of sounding obvious, I wanted to point out that while that
> works quite well, it will send any logins to your server in the clear.
> If you want to keep your passwords secure/encrypted, you might want to
> generate (or purchase if you want it to look official) an SSL cert and
> use https. As I recall you can also use the .htaccess file to force
> https for that URL if someone tries to connect without https.
>
> Here's some documentation from Apache on how to do this yourself
> (works fine, but for those knowing what to look for it's obvious that
> you generated it), but you might want to look into generating a CSR if
> you want to buy a signed SSL cert from a Certificate Authority to make
> it look official.
>
> http://linuxpoison.blogspot.com/2007/10/howto-create-self-signed-ssl.html
> (not sure if this is the best HowTo, but it's the best one I could
> find in a few minutes)
>
> Hope this helps!
>

Thanks.  I think that was going to be my next question.  :-)

-- 
Jack Smith

English doesn't borrow from other languages -- English follows other
languages down dark alleys and takes what it wants.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://nblug.org/pipermail/talk/attachments/20080128/c400d7a9/attachment.htm 


More information about the talk mailing list