Posted by Benjamin Niemann on 09/25/69 11:43

shawn modersohn wrote:

> I have a Linux Apache server where the root of the docs directory is
> password protected with Basic Authentication. The server is behind a
> router that only forwards to the 443 port. My question is, would the
> user name and password still be sent unencrypted in this manner? When I
> request /index.html I get the generic encryption warnings, I accept the
> certificate for the current session, and I am then prompted for a user
> name and password. Is the connection encrypted the moment I accept the
> certificate?

The certificate popup opens when the browser establishes the TCP connection,
before any actual data is send over this connection.
If you accept the cert, the browser sends the request over this encrypted
connection, so your password is save.

--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://pink.odahoda.de/

• Next in forum: Re: Rasta Khan Is Owned By AUK
• Prev in forum: Re: scrollbar problem
• Thread view: Re: SSL + .htaccess / when encryption begins

[Reply to this message]