how secure is yahoo ssl?
Moderator: General Moderators
how secure is yahoo ssl?
i'm developing a security system and would like to know, for the yahoo small business service i signed up for, what would be more secure the ssl yahoo provides or the htaccess suggested by others on this board?
goal is to have one directory that is protected by one username and password.
goal is to have one directory that is protected by one username and password.
- andyhoneycutt
- Forum Contributor
- Posts: 468
- Joined: Wed Aug 27, 2008 10:02 am
- Location: Idaho Falls
Re: how secure is yahoo ssl?
SSL and .htaccess are two very different concepts. A .htaccess file can provide username/password protection to a directory or directories, SSL is for ensuring the safe transmission of data between two parties by way of encryption. So, to answer your question in short I would suggest you go with .htaccess for username/password protection on a directory.
-Andy
-Andy
Re: how secure is yahoo ssl?
To fulfill your goal why do you need SSL?
You do not need to go throught the SSL.
As andyhoneycutt said, go through the .htaccess you will get your solution.
You do not need to go throught the SSL.
As andyhoneycutt said, go through the .htaccess you will get your solution.
Re: how secure is yahoo ssl?
with .htaccess I dont get one thing, what do i actually put in the index page?
It seems like a meticulous process where a slight mistake will allow for intrusion....
It seems like a meticulous process where a slight mistake will allow for intrusion....
- andyhoneycutt
- Forum Contributor
- Posts: 468
- Joined: Wed Aug 27, 2008 10:02 am
- Location: Idaho Falls
Re: how secure is yahoo ssl?
the .htaccess file should reside in or above the directory you wish to protect. Apache looks for .htaccess whenever it tries to access a directory. It's a fairly straight-forward process and while nothing is guaranteed to protect you 100% of the time, it's better than nothing especially if it is your only option. I've used .htaccess and not had any (successful) attacks on my projects.
Here is an online tool you can use to build your .htaccess and corresponding .htpasswd file(s).
-Andy
Here is an online tool you can use to build your .htaccess and corresponding .htpasswd file(s).
-Andy
Re: how secure is yahoo ssl?
Andy,
I'm still not getting the part where I ask users for the password. I do plan on distributing the password - and this will be the members area. I created the .htaccess and .htpasswrd files and placed them in http://www.mysite.com/protect_this/
so everything i place in "protect_this" directory will be password protected from what i understand. how about the index.html file that's in http://www.mysite.com? how do i edit the index.html file so it gives members access to the http://www.mysite.com/protect_this/protected.html file (which is members area/password protected)?
I'm still not getting the part where I ask users for the password. I do plan on distributing the password - and this will be the members area. I created the .htaccess and .htpasswrd files and placed them in http://www.mysite.com/protect_this/
so everything i place in "protect_this" directory will be password protected from what i understand. how about the index.html file that's in http://www.mysite.com? how do i edit the index.html file so it gives members access to the http://www.mysite.com/protect_this/protected.html file (which is members area/password protected)?
- andyhoneycutt
- Forum Contributor
- Posts: 468
- Joined: Wed Aug 27, 2008 10:02 am
- Location: Idaho Falls
Re: how secure is yahoo ssl?
I would put the .htaccess and .htpasswd files in the directory you wish to protect and have your portal page above that directory linking them to the member area, or redirecting them to the member area. The user's web browser should prompt them for the username and password when they try to access the access-protected directory.
-Andy
-Andy
Re: how secure is yahoo ssl?
I hear you, I don't get the "user's web browser should prompt them for the username and password" part. Is this html code? maybe forums involved, i'm still learning the basics....
also if the password is encrypted in .htpasswrd file, it will be fine if user writes the normal password? i heard this md5 program is good one....
also if the password is encrypted in .htpasswrd file, it will be fine if user writes the normal password? i heard this md5 program is good one....
- andyhoneycutt
- Forum Contributor
- Posts: 468
- Joined: Wed Aug 27, 2008 10:02 am
- Location: Idaho Falls
Re: how secure is yahoo ssl?
All .htaccess does is request credentials from the end user. What this means, and how it works, is that Apache (the web server providing service to your users) tells the end user that they must supply credentials. It's a commonly accepted engagement and all modern web browsers support it naturally. You have nothing more to do as the developer than supply the proper .htaccess and .htpasswd files in the proper way and your designated path will be password protected.
md5 is a very good algorithm for one-way encryption. I'm by no means an encryption expert, or Apache-admin, so if you need much more information than this you might wish to look at some documentation on Apache's website.
md5 is a very good algorithm for one-way encryption. I'm by no means an encryption expert, or Apache-admin, so if you need much more information than this you might wish to look at some documentation on Apache's website.
Re: how secure is yahoo ssl?
"Yahoo! does not currently allow you to upload .htaccess files to your account."
boooooooooo!
boooooooooo!