Apache Security

Yes, username and password get sent over the wire in plaintext format. Just as with ftp, pop3, imap, etcetera. That's why we have https, sftp, imaps, pop3s, etcetera(s).
 
Digest authentication is more secure than Basic authentication, but only works with supporting browsers. However, combine mod_auth_digest with SSL and you should be fine.
 
SuperMiguel said:
And I guess I can use Wireshark to see if the passwords are being transferred in plain text.

You don't understand digest authentication, do you? Let me put it in simple English -

Digest authentication is intended to supersede unencrypted use of the Basic access authentication, allowing user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of MD5 cryptographic hashing with usage of nonce values to prevent cryptanalysis.

Hope this helps :p
 