I am doing some work to try and improve the security of my .htaccess files. It seems that I should be using AuthType Digest rather than Basic, and secondly forcing/encouraging users to go via HTTPS rather than HTTP.
On the first point, though, on closer inspection of my .htaccess and htpasswd files, they seem to be using AuthType Basic but the passwords do appear to be MD5-encrypted, and this appears to work fine. Why is this, and do I need to change it?