我需要使用用户名和密码保护客户端 CMS,只需要一个用户名。我打算使用 htaccess,因为它可以快速添加。
我将使用 WHM 中的密码目录功能添加它,该功能将密码存储在此处: AuthUserFile "/home/username/.htpasswds/public_html/cms/passwd"
这有多安全?有没有办法进入 .htpasswds 等文件夹?
最佳答案
直接来自 Apache 的文档
The most common method is Basic, and this is the method implemented by mod_auth_basic. It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl. Apache supports one other authentication method: AuthType Digest. This method is implemented by mod_auth_digest and is much more secure. Most recent browsers support Digest authentication.
请阅读其余HERE
请阅读评论,自 2011 年以来情况发生了变化。好消息@reve_etrange
关于security - htaccess 身份验证的安全性如何,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5118870/