how secure is yahoo ssl?

Posted: Tue Sep 02, 2008 2:16 pm
by iknowu99
i'm developing a security system and would like to know, for the yahoo small business service i signed up for, what would be more secure: the ssl yahoo provides or the htaccess suggested by others on this board?

goal is to have one directory that is protected by one username and password.

Re: how secure is yahoo ssl?

Posted: Tue Sep 02, 2008 2:20 pm
by andyhoneycutt
SSL and .htaccess are two very different concepts. A .htaccess file can provide username/password protection to a directory or directories; SSL is for ensuring the safe transmission of data between two parties by way of encryption. So, to answer your question in short, I would suggest you go with .htaccess for username/password protection on a directory.

-Andy

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 12:05 am
by pcoder
To fulfill your goal why do you need SSL?
You do not need to go through the SSL.
As andyhoneycutt said, go through the .htaccess you will get your solution.

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 3:36 am
by iknowu99
with .htaccess I don't get one thing, what do i actually put in the index page?

It seems like a meticulous process where a slight mistake will allow for intrusion....

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 9:38 am
by andyhoneycutt
the .htaccess file should reside in or above the directory you wish to protect. Apache looks for .htaccess whenever it tries to access a directory. It's a fairly straight-forward process and while nothing is guaranteed to protect you 100% of the time, it's better than nothing especially if it is your only option. I've used .htaccess and not had any (successful) attacks on my projects.

Here is an online tool you can use to build your .htaccess and corresponding .htpasswd file(s).

-Andy

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 9:55 am
by iknowu99
Andy,

I'm still not getting the part where I ask users for the password. I do plan on distributing the password - and this will be the members area. I created the .htaccess and .htpasswrd files and placed them in http://www.mysite.com/protect_this/
so everything i place in "protect_this" directory will be password protected from what i understand. how about the index.html file that's in http://www.mysite.com? how do i edit the index.html file so it gives members access to the http://www.mysite.com/protect_this/protected.html file (which is members area/password protected)?

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 11:24 am
by andyhoneycutt
I would put the .htaccess and .htpasswd files in the directory you wish to protect and have your portal page above that directory linking them to the member area, or redirecting them to the member area. The user's web browser should prompt them for the username and password when they try to access the access-protected directory.

-Andy

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 1:50 pm
by iknowu99
I hear you, I don't get the "user's web browser should prompt them for the username and password" part. Is this html code? maybe forums involved, i'm still learning the basics....

also if the password is encrypted in .htpasswrd file, it will be fine if user writes the normal password? i heard this md5 program is good one....

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 2:17 pm
by andyhoneycutt
All .htaccess does is request credentials from the end user. What this means, and how it works, is that Apache (the web server providing service to your users) tells the end user that they must supply credentials. It's a commonly accepted engagement and all modern web browsers support it naturally. You have nothing more to do as the developer than supply the proper .htaccess and .htpasswd files in the proper way and your designated path will be password protected.

md5 is a very good algorithm for one-way encryption. I'm by no means an encryption expert, or Apache-admin, so if you need much more information than this you might wish to look at some documentation on Apache's website.
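
The challenge-and-prompt exchange discussed in this thread, as an added example that is not part of any post: a small Python simulation of HTTP Basic authentication for a protected directory, showing the 401 challenge that triggers the browser's login prompt and the header the browser sends back. The realm name, username, password and the in-memory stand-in for the .htpasswd file are constructed for illustration; the `{SHA}` entry format is a legacy htpasswd format used here only because the standard library can compute it (bcrypt via `htpasswd -B` is the stronger choice).

```python
import base64
import hashlib
import hmac

REALM = "Members Area"  # constructed realm name shown in the browser prompt

def htpasswd_sha(user, password):
    """Build an htpasswd-style '{SHA}' line (legacy, unsalted format)."""
    digest = base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()
    return f"{user}:{{SHA}}{digest}"

# Constructed credential store standing in for the .htpasswd file.
HTPASSWD = dict(line.split(":", 1) for line in [htpasswd_sha("member", "s3cret-example")])

def client_authorization(user, password):
    """Header the browser sends after the user fills in the login prompt."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def decode_authorization(header):
    """Recover (user, password); base64 is an encoding, not encryption."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def server_response(headers):
    """Return (status, response_headers) for a request to the protected directory."""
    challenge = (401, {"WWW-Authenticate": f'Basic realm="{REALM}"'})
    creds = decode_authorization(headers.get("Authorization", ""))
    if creds is None:
        return challenge  # this 401 is what makes the browser show its prompt
    user, password = creds
    stored = HTPASSWD.get(user, "")
    expected = htpasswd_sha(user, password).split(":", 1)[1]
    if hmac.compare_digest(stored, expected):
        return (200, {})
    return challenge  # wrong credentials: challenge again
```

Because `decode_authorization` needs no key, anyone who can read the request in transit can recover the password, which is why Basic authentication is normally served over SSL/TLS rather than treated as an alternative to it.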

Re: how secure is yahoo ssl?

Posted: Wed Sep 03, 2008 4:36 pm
by iknowu99
"Yahoo! does not currently allow you to upload .htaccess files to your account."

boooooooooo!