Home arrow Apache arrow Page 4 - An Introduction to Security Measures in Apache 2.2

More on Passwords - Apache

This article is aimed at giving you a practical and interesting introduction to the two methods of authentication available to you as an administrator of Apache. It is only a first step, and not intended as the only step if you are configuring a commercial web server.

TABLE OF CONTENTS:
  1. An Introduction to Security Measures in Apache 2.2
  2. Configure it right
  3. Password
  4. More on Passwords
By: Dan Wellman
Rating: starstarstarstarstar / 5
January 30, 2007

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Instead of using htpasswd to create the passwords file, we need to use htdigest.  The creation of a username and password can be achieved with the following command (again in a command prompt set to the Apache bin directory):

htdigest -c C:hidden.digestpasswords "More Secure Protected Area" AuthUser

This time, the username, AuthName and the password are stored.  Again the password is encrypted using md5.  There is now no warning of basic security in the username and password prompt:

There is one more thing that Apache advises us to add when using the digest method of authentication. Because the digest method is still classed as experimental, there are flaws in the way that different browsers handle it.  There is a known issue with Internet Explorer whereby GET requests with a query string are not RFC compliant.  In order to allow Apache to work around this issue, it is recommended that the following conditional environment variable be used:

BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

Just place this in the <Directory> section containing the digest directives.

SSL would be the next logical step in making connections to Apache even more secure, but unfortunately it is outside of the scope of this article.  The Apache documentation provides a wealth of further reading and information, but I hope this article has given you a practical and interesting introduction to the two methods of authentication available to you as an administrator of Apache.



 
 
>>> More Apache Articles          >>> More By Dan Wellman
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

APACHE ARTICLES

- Apache Unveils Cassandra 1.2
- Apache on ARM Chips? Dell and Calxeda Help M...
- The Down Side of Open Source Software
- VMware Unveils Serengeti for Apache Hadoop
- SAP Takes Steps to Improve Hadoop Integration
- Looking to Hone Apache Hadoop Skills?
- How to Install Joomla on WAMPP
- Working with XAMPP and Wordpress
- GUI Available for Apache Camel
- Reduce Server Load for Apache and PHP Websit...
- Creating a VAMP (Vista, Apache, MySQL, PHP) ...
- Putting Apache in Jail
- Containing Intrusions in Apache
- Server Limits for Apache Security
- Setting Permissions in Apache

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: