Home page logo

basics logo Security Basics mailing list archives

Apache AuthBasic
From: "Jon Mark Allen" <jonmark () allensonthe net>
Date: Fri, 12 Dec 2003 09:46:50 -0600

I have a website with one particular folder I want to secure.

I have setup SSL and Apache AuthBasic for that folder and all subfiles.

My question is: does anyone know of any vulnerabilities or ways to crack/circumvent AuthBasic?

So far, the only method I've found of breaking authBasic is to sniff the traffic to lift the username/password, but 
I've tested that with the SSL and the username/password combo is passed after SSL has already been established.

It is very important that this folder be as secure as I can make it.  Obviously, just being available on the web at all 
reduces the overall security significantly, but I don't have a choice there. :-)

Thanks for your help.

Jon Mark


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]