A lot of people know that "basic" authentication for websites is insecure, but how insecure? How difficult is it to intercept? Adam investigates… Background first. Here is an Apache setup of basic authentication to go into a .htaccess file.

    AuthName "Unauthorised use strictly forbidden."
    AuthType Basic
    AuthUserFile /home/horse/.htpasswd
    AuthGroupFile /dev/null
    require user horse

Setting up… Continue reading HTTP Basic authentication
Tag: http
HTTP caching
Browsers often cache when you do not wish them to do so. POST requests by forms are exempt according to RFC 2616, so we only need worry about GET requests. A default installation of Apache will not serve up Expires or Cache-Control headers, so caching will vary between browsers. Here are the… Continue reading HTTP caching