SSL + .htaccess / when encryption begins

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have a Linux Apache server where the root of the docs directory is
password protected with Basic Authentication.  The server is behind a
router that only forwards to the 443 port. My question is, would the
user name and password still be sent unencrypted in this manner?  When I
request /index.html I get the generic encryption warnings, I accept the
certificate for the current session, and I am then prompted for a user
name and password.  Is the connection encrypted the moment I accept the

Re: SSL + .htaccess / when encryption begins

shawn modersohn wrote:

Quoted text here. Click to load it

The certificate popup opens when the browser establishes the TCP connection,
before any actual data is send over this connection.
If you accept the cert, the browser sends the request over this encrypted
connection, so your password is save.

Benjamin Niemann
Email: pink at odahoda dot de
WWW: /

Site Timeline