PDA

View Full Version : Using HTTPS for site login...



DrWebber
05 Nov 2007, 07:45 AM
Anothe n00b.. but gotta start somewhere...

Ive been reading up on protecting my website (when Iget round to designing it!!), with use of .htaccess, or httpd.conf and protecting areas of my website.. and just wanted cofirmation of some of my assumptions...

I understand that although you can protect areas of your website, by protecting directories... the login procedure over http is clear text... so, in reality is not very secure...

I wouldnt want to host my entire site in a https environment (for performance reasons?), but just the login page...

So my site, for example, althoguh published from a http url, I would like a secure https login, which would then redirect successful logins to the http site..??? Any attempts to access the http site directly would be redirected to the https login page...

ive read that although .htaccess can deal with authorisation, it is not thebest place to do it, this should be done ideally in the httpd.conf...

Now I know I can redirect any visitors to the http page, to the secure login (via a redirect in the .htaccess file), but how do I then pass successful logins back to the http site...???

Is this the best approach??

Any advice, links, help would be most appreciated....

Hope it makes sense...!!!!

Thanks

BTW: I have a VPS account with root access