| / Home \ | \ Subjects / |
| 31/10/2024 20:59 leenar90: |
| About version 3.06.04 it says: "For HTTP, Proxy and web-mail support of two variant of MD5 Digest authorization (RFC2069/RFC2617) has been added, but this authorization method is posibly only in case when the server know original passwords, when these stored in config file". I don't see any problems for myself with saving the login and password in the configuration file, I'm concerned about the security of this data between the server and clients via the Internet. How secure is it? I see in the log "Proxy-Authorization: Basic (credentials?). How difficult will it be for someone who can intercept traffic to use this? In principle, I can change the login and password every few days. |
| 01/11/2024 17:52 Max: |
| If you use basic authentication and an HTTP (NOT HTTPS) connection, on your ISP's host or intermediate routers, your password can be intercepted. In the basic method, the client sends the password in easily decodable BASE64 encoding. So it is better to use SSL/TLS or the Digest method. In the Digest method, the password is never sent. |