auth_basic plain password in html
Francis Daly
francis at daoine.org
Thu Jun 11 19:29:36 UTC 2015
On Thu, Jun 11, 2015 at 11:07:57AM +0000, de Brouwer Tom (ST-CO/ENG5.1) wrote:
Hi there,
> I have setup aut_basic on my nginx webserver, whenever I authenticate the username and password are send as plain text via the html request from my webbrowser, is there an easy solution for this?
HTTP Basic Authentication is effectively plain text between the browser
and the server.
The way to make that not easily readable is to wrap it in tls - so run
a https service instead of a http service.
> Or should I switch to the non default nginx_http_auth_digest module?
The other option is not to use HTTP Basic Authentication; HTTP Digest
Authentication is probably the most familiar alternative for common
browsers.
f
--
Francis Daly francis at daoine.org
More information about the nginx
mailing list