Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked

Re: Protecting Personal files

by kelan (Deacon)
on Jul 30, 2004 at 12:14 UTC ( #378653=note: print w/replies, xml ) Need Help??

in reply to Protecting Personal Files within a Perl Website!

By "basic http authentication" I'm assuming you mean something like Apache's "AuthType Basic" directory restrictions.

Well the good news is that it will require a password to access the directory. The bad news (and we're talking pretty bad) is that the user/password combination is sent back to the webserver in cleartext. Meaning anyone sniffing your connection now has a free pass into that directory by sending the same user/password combo on their own.

An easy way around this is to use an SSL connection to your webserver, which will encrypt the traffic and prevent people from sniffing your user/password out of the ether.

Do take note of beable's advice, however. The files will, in some sense, still be accessible to the outside world. Someone just needs to find a crack into your webserver.

Replies are listed 'Best First'.
A reply falls below the community's threshold of quality. You may see it by logging in.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://378653]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2022-10-05 07:59 GMT
Find Nodes?
    Voting Booth?
    My preferred way to holiday/vacation is:

    Results (21 votes). Check out past polls.