Security tip of the day: Use htdigest instead of htpasswd for phpMyAdmin and other sensitive stuff
I just realized that there was a better alternative to basic authentication for Apache 2.2. According to http://httpd.apache.org/docs/2.1/howto/auth.html:
“The most common method is Basic, and this is the method implemented by mod_auth_basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl. Apache supports one other authentication method: AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Most recent browsers support Digest authentication.”
So I read http://httpd.apache.org/docs/2.1/mod/mod_auth_digest.html and http://httpd.apache.org/docs/2.1/programs/htdigest.html and did the following:
htdigest -c apachePassword phpmyadmin myUser
I answered the prompts from htdigest and checked that a new file named apachePassword had been created. After that I edited my /etc/apache2/apache2.conf file and added the following:
# htdigest authentication
<Location /phpmyadmin/>
    AuthType Digest
    # AuthName is the realm; it must match the realm given to htdigest ("phpmyadmin")
    AuthName "phpmyadmin"
    AuthDigestDomain /phpmyadmin/ http://myserver.com/phpmyadmin/
    AuthDigestProvider file
    # the file written by htdigest: keep it outside the web root, readable by the Apache user only
    AuthUserFile /home/myUser/apachePassword
    Require valid-user
</Location>
Then I enabled auth_digest by issuing the following command: a2enmod auth_digest. Finally I checked my Apache configuration with the apache2ctl -t command and restarted the Apache web server. Then I visited http://myserver.com/phpmyadmin and was greeted with Apache’s username/password dialog before being able to see phpMyAdmin’s screen.
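To see what the htdigest file actually holds and what the browser sends back, here is an added Python example (not code from the original post, nor from Apache) that reproduces the entry format htdigest writes, checks a password against it, and derives an RFC 2617 Digest response the way mod_auth_digest does. The user name "myUser" and realm "phpmyadmin" come from the post; the sample password, nonce, client nonce and request URI are constructed here for illustration. Two points worth noticing: the realm in the file must equal AuthName, otherwise the lookup fails and nobody can log in; and the stored value is an unsalted MD5(user:realm:password) that is enough to answer the challenge on its own, so the password file is password-equivalent for that realm and needs the same protection as the password itself. Digest keeps the password off the wire, but it is not a substitute for TLS.

```python
"""Added example: htdigest file entries and RFC 2617 Digest responses.

The user/realm names follow the blog post; the password, nonce, cnonce and
URI values are constructed for illustration and are not from the post.
"""
import hashlib
import secrets


def _md5_hex(s: str) -> str:
    """Hex MD5 of a string, the hash both htdigest and mod_auth_digest use."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def ha1(user: str, realm: str, password: str) -> str:
    """HA1 = MD5(user:realm:password). This is exactly what htdigest stores:
    no per-user salt, so the stored value is password-equivalent for the realm."""
    return _md5_hex(f"{user}:{realm}:{password}")


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One line in the 'user:realm:HA1' format that htdigest writes."""
    if ":" in user or ":" in realm:
        raise ValueError("user and realm must not contain ':'")
    return f"{user}:{realm}:{ha1(user, realm, password)}"


def lookup_ha1(lines, user: str, realm: str):
    """Find the stored HA1 for (user, realm); None if absent.
    The realm must match AuthName exactly, which is why a mismatch locks everyone out."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        u, r, h = parts
        if u == user and r == realm:
            return h
    return None


def verify_password(lines, user: str, realm: str, password: str) -> bool:
    """Check a plaintext password against the file (constant-time compare)."""
    stored = lookup_ha1(lines, user, realm)
    if stored is None:
        return False
    return secrets.compare_digest(stored, ha1(user, realm, password))


def digest_response_from_ha1(h1: str, method: str, uri: str, nonce: str,
                             nc: str, cnonce: str, qop: str = "auth") -> str:
    """RFC 2617 response for qop=auth, computed from HA1 alone.
    The server does this with the value from AuthUserFile, so anyone who can
    read that file can answer the challenge without knowing the password."""
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{h1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def digest_response(user: str, realm: str, password: str, method: str,
                    uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """What the browser computes from the password the user typed."""
    return digest_response_from_ha1(ha1(user, realm, password),
                                    method, uri, nonce, nc, cnonce)


def verify_response(lines, user: str, realm: str, method: str, uri: str,
                    nonce: str, nc: str, cnonce: str, response: str) -> bool:
    """Server-side check of a client's Digest response against the file."""
    stored = lookup_ha1(lines, user, realm)
    if stored is None:
        return False
    expected = digest_response_from_ha1(stored, method, uri, nonce, nc, cnonce)
    return secrets.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample file, equivalent to:  htdigest -c apachePassword phpmyadmin myUser
    password_file = [htdigest_line("myUser", "phpmyadmin", "s3cret")]
    print(password_file[0])
    nonce, nc, cnonce = "dcd98b7102dd2f0e", "00000001", "0a4f113b"  # constructed
    resp = digest_response("myUser", "phpmyadmin", "s3cret",
                           "GET", "/phpmyadmin/", nonce, nc, cnonce)
    print("client response:", resp)
    print("server accepts:", verify_response(password_file, "myUser", "phpmyadmin",
                                             "GET", "/phpmyadmin/", nonce, nc, cnonce, resp))
    # Same response, built from the stored HA1 only: the file leak is a credential leak.
    stolen = lookup_ha1(password_file, "myUser", "phpmyadmin")
    print("attacker with file only matches:",
          digest_response_from_ha1(stolen, "GET", "/phpmyadmin/", nonce, nc, cnonce) == resp)
```

Running the script prints the htdigest line, the client's response and two True values: the server accepts the response, and the same response can be rebuilt from the stored HA1 without the password. That is the reason the file referenced by AuthUserFile should be owned by root, readable only by the Apache user, and never placed under DocumentRoot.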