Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
HTTPS and HTTP authorization with .htaccess and .htpasswd are not mutually exclusive thigs.

HTTPS provides SSL layer for data transfers between server and client. SSL itself prevents third party from sniffing this network traffic and can give client guarantee that server haven't been substituted by another by "cracker". However it doesn't provides authorization of client.

HTTP authorization with .htaccess and .htpasswd can be used for authorization of clients. It is based on protocol which passes password and username as clear text (well, not clear text but something which can be easily decoded). So without additional layer of enryption (like SSL) it is easy target for sniffer attacks.

Please note that HTTP authorization is not the only way to do client authorization (but propably simpliest to setup since it doesn't require any coding). It is common to use cookies for this task for example (like Perlmonks website does).

What you need is probably both SSL and some method of client authorization (for example - HTTP authorization).

As for using javascript in the webpages to encrypt the password. Well, since you have not gave any details about it I can't say that it is insecure. But unless you use some kind of asymmetric cryptography it will be always subject of sniffer attacks. Do you?

In reply to Re: cgi and https (mildly off topic) by IlyaM
in thread cgi and https (mildly off topic) by coolmichael

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others exploiting the Monastery: (5)
    As of 2018-01-23 02:42 GMT
    Find Nodes?
      Voting Booth?
      How did you see in the new year?

      Results (238 votes). Check out past polls.