Apache Directory Password Protection

EmosOohay

Fedora Core 5-64 with Apache 2.2

How robust is Apache directory password protection? Assuming the use of a strong password, how well does Apache password protection stand up to a hack attack?
 

cleverhandle

I'm not sure what you mean by a "hack attack". Somebody could try to brute force a password if they know a valid username, but that wouldn't get very far with good passwords. If someone has access to the traffic between the client and server, they could sniff the network for passwords or digests - which is why you should be using SSL. And if someone has shell access on the host and the password file has loose permissions, they might be able to read that and cause trouble.

The authentication system is fine as far as Apache itself is concerned. But if other aspects of the server and network (mentioned above) are not properly administered, it's not going to do you any good.
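
An added example, not part of the thread: a small audit for two of the conditions named in the reply above, password-protected directories that do not require SSL and a password file with loose permissions. The sample configuration and its paths are constructed, the function names are hypothetical, and the check assumes SSL is enforced per `<Directory>` block with mod_ssl's `SSLRequireSSL` (it does not follow enforcement inherited from an enclosing virtual host).

```python
import os
import re
import stat
import tempfile

# Constructed sample config (not from the thread): one protected directory
# reachable over plain HTTP, one that refuses non-SSL requests.
SAMPLE_CONF = """
<Directory "/var/www/html/reports">
    AuthType Basic
    AuthName "Reports"
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require valid-user
</Directory>
<Directory "/var/www/html/admin">
    SSLRequireSSL
    AuthType Digest
    AuthName "Admin"
    AuthUserFile /etc/httpd/conf/.htdigest
    Require valid-user
</Directory>
"""

def auth_without_ssl(conf_text):
    """Return paths of <Directory> blocks that set AuthType but not SSLRequireSSL."""
    flagged = []
    for path, body in re.findall(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>',
                                 conf_text, re.S | re.I):
        directives = {line.split()[0].lower() for line in body.splitlines()
                      if line.strip() and not line.strip().startswith("#")}
        if "authtype" in directives and "sslrequiressl" not in directives:
            flagged.append(path)
    return flagged

def loose_permissions(path):
    """Return problems with a password file's mode: any access for 'other', or group write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IRWXO:
        problems.append("accessible by other users (mode %o)" % mode)
    if mode & stat.S_IWGRP:
        problems.append("group-writable (mode %o)" % mode)
    return problems

if __name__ == "__main__":
    print("AuthType without SSLRequireSSL:", auth_without_ssl(SAMPLE_CONF))
    with tempfile.NamedTemporaryFile() as f:  # stand-in for a real AuthUserFile
        os.chmod(f.name, 0o644)
        print("0644:", loose_permissions(f.name))
```

A mode such as 0640, owned by root with the web server's group, passes the permission check because the server still needs to read the file.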