Results 1 to 2 of 2
  1. #1

    When using SSL, is .htaccess sent secure?

    I've always stayed away from using .htaccess for authenication because I thought it wasn't encrypted near as well as just authenicating through my own php script. I've been trying to find out, that if using an H t t p s://, is the user name and pass sent securily over the SSL?

    This may seem like a silly question, but I cannot find an answer to it, and I'm not going to assume anything when it comes to security. Are user and passwords sent before the SSL, or are they sent using the SSL?

  2. #2
    Yes, the user/pass is sent securely. Some browsers (e.g., Safari) will tell you that the login information is being sent over a secure connection.

    .htaccess is used on the server side -- it is never transmitted to the browser. In fact, a good apache setup will ensure that a client (browser) cannot access .htaccess files directly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts