How secure is .htaccess on a *nix run Apache?

[smp]

I just figured this out .. and I want to know how secure this kind of permission system is with apache and *nix ??? Is it any good? Or is it weak?

edit: 'this' being the .htaccess files located in the folders that need authorization and htpasswd. Oh, and can this be controlled with PHP?

 

[n0cmonkey]

Secure how? Secure encryption of passwords? Securely transmitting the passwords over the internet? Secure permissions? Able to be exploited by some 31337 hax0r?

I personally wouldnt bother trusting .htaccess unless I was using ssl, which I do on my home server 😉

 

[smp]

Tell me more l337 monkey!!!

 

[n0cmonkey]

Originally posted by: smp
Tell me more l337 monkey!!!

About what? .htaccess is decent enough. Im sure there are ways around it, but I dont know any off hand. Id sniff traffic until you gave me the password, hence my suggestion of ssl 😉

 

[smp]

If you run SSL though, and you don't have that certificate things (which costs a lot of money) then don't your visitors keep getting that "uncertified site" warning all the time or something?

 

[n0cmonkey]

Originally posted by: smp
If you run SSL though, and you don't have that certificate things (which costs a lot of money) then don't your visitors keep getting that "uncertified site" warning all the time or something?

Certs dont cost money. Getting them signed by monopolistic monstrocities (aka verisign) does. Self sign it, thats what I did. Its no "less secure," just considered less trustworthy, which isnt important because no private data goes across the wire.