Apache
  Home arrow Apache arrow Page 4 - An Introduction to Security Measures i...
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
APACHE

An Introduction to Security Measures in Apache 2.2
By: Dan Wellman
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 4 stars4 stars4 stars4 stars4 stars / 3
    2007-01-30

    Table of Contents:
  • An Introduction to Security Measures in Apache 2.2
  • Configure it right
  • Password
  • More on Passwords

  • Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     
     
    ADVERTISEMENT

    Dell PowerEdge Servers

    An Introduction to Security Measures in Apache 2.2 - More on Passwords
    (Page 4 of 4 )

    Instead of using htpasswd to create the passwords file, we need to use htdigest.  The creation of a username and password can be achieved with the following command (again in a command prompt set to the Apache bin directory):

    htdigest -c C:hidden.digestpasswords "More Secure Protected Area" AuthUser

    This time, the username, AuthName and the password are stored.  Again the password is encrypted using md5.  There is now no warning of basic security in the username and password prompt:

    There is one more thing that Apache advises us to add when using the digest method of authentication. Because the digest method is still classed as experimental, there are flaws in the way that different browsers handle it.  There is a known issue with Internet Explorer whereby GET requests with a query string are not RFC compliant.  In order to allow Apache to work around this issue, it is recommended that the following conditional environment variable be used:

    BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

    Just place this in the <Directory> section containing the digest directives.

    SSL would be the next logical step in making connections to Apache even more secure, but unfortunately it is outside of the scope of this article.  The Apache documentation provides a wealth of further reading and information, but I hope this article has given you a practical and interesting introduction to the two methods of authentication available to you as an administrator of Apache.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

       · Hi Everyone, I found this part of the Apache setup very interesting and logical...
       · You should also have something like this under httpd.conf or .htaccess to make sure...
       · When using PHP5 & Apache for digest authentication, I found that I had to change the...
     

       

    APACHE ARTICLES

    - Putting Apache in Jail
    - Containing Intrusions in Apache
    - Server Limits for Apache Security
    - Setting Permissions in Apache
    - Installing Apache
    - Apache Installation and Configuration
    - Apache Tapestry and Custom Components: DateI...
    - Tapestry and AJAX: Autocompleter and InlineE...
    - PropertySelection and IPropertySelectionMode...
    - The DatePicker and Shell Components of Apach...
    - Apache Tapestry: ASO and More Components
    - Apache Tapestry and DirectLink, IoC and DI
    - Making a CelebrityCollector with Apache Tape...
    - Apache Tapestry and Listener Methods, Condit...
    - The Properties of Tapestry Pages

     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 4 hosted by Hostway