25 Jan
2006
25 Jan
'06
7:10 p.m.
On 25 Jan 2006, at 18:55, michael nt milne wrote:
Hi
Yeah I know the security aspects are good once you are in, however when you login it's possible for someone to grab your logon name and pass as it goes over the internet, as there's no encryption at all. Then obviously login themselves and compromise your sites.
Just slightly concerned about this as I plan to have a few sites set-up on one server, with client logins and have to advise on security. I know that Apache SSL can help but it's a tricky extra step and I only need to secure the login areas at the moment, not encrypt a whole site.
You should read up on HTTP authentication and cookie authentication, I sense some severe knowledge gaps there... jens