<br><br><div class="gmail_quote">On Jan 28, 2008 11:15 AM, Sean <<a href="mailto:seanvanco@gmail.com">seanvanco@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
At the risk of sounding obvious, I wanted to point out that while that<br>works quite well, it will send any logins to your server in the clear.<br>If you want to keep your passwords secure/encrypted, you might want to<br>
generate (or purchase if you want it to look official) an SSL cert and<br>use https. As I recall you can also use the .htaccess file to force<br>https for that URL if someone tries to connect without https.<br><br>Here's some documentation from Apache on how to do this yourself<br>
(works fine, but for those knowing what to look for it's obvious that<br>you generated it), but you might want to look into generating a CSR if<br>you want to buy a signed SSL cert from a Certificate Authority to make<br>
it look official.<br><br><a href="http://linuxpoison.blogspot.com/2007/10/howto-create-self-signed-ssl.html" target="_blank">http://linuxpoison.blogspot.com/2007/10/howto-create-self-signed-ssl.html</a><br>(not sure if this is the best HowTo, but it's the best one I could<br>
find in a few minutes)<br><br>Hope this helps!<br></blockquote></div><br>Thanks. I think that was going to be my next question. :-)<br clear="all"><br>-- <br>Jack Smith<br><br>English doesn't borrow from other languages -- English follows other languages down dark alleys and takes what it wants.