|
Home > Archive > IIS Server Security > May 2006 > Dumb basic authentication and SSL question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Dumb basic authentication and SSL question
|
|
| Anthony Yates 2006-05-17, 1:16 pm |
| I have a web directory protected by SSL and basic authentication. It works
fine. The user is prompted to authenticate before the page is displayed.
It bothers me that there is no SSL padlock shown on the page during the
basic authentication. I am guessing the logon is encrypted anyway, but I'd
just like to check.
W2K3 and IE6.
Thanks,
Anthony
| |
| Ken Schaefer 2006-05-18, 7:20 am |
| Hi,
Yes, the credentials are encrypted. The SSL handshake occurs before any data
is transmitted at the HTTP layer. It's easy to verify yourself using a tool
like Ethereal (www.ethereal.com) or Microsoft's NetMon (Network Monitor)
Cheers
Ken
"Anthony Yates" <anthony.spam@spammedout.com> wrote in message
news:uOCNdTdeGHA.1272@TK2MSFTNGP03.phx.gbl...
>I have a web directory protected by SSL and basic authentication. It works
>fine. The user is prompted to authenticate before the page is displayed.
> It bothers me that there is no SSL padlock shown on the page during the
> basic authentication. I am guessing the logon is encrypted anyway, but I'd
> just like to check.
> W2K3 and IE6.
> Thanks,
> Anthony
>
| |
| Anthony Yates 2006-05-18, 1:16 pm |
| Thanks very much, job done
Anthony
"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:ewWGKOkeGHA.4892@TK2MSFTNGP02.phx.gbl...
> Hi,
>
> Yes, the credentials are encrypted. The SSL handshake occurs before any
> data is transmitted at the HTTP layer. It's easy to verify yourself using
> a tool like Ethereal (www.ethereal.com) or Microsoft's NetMon (Network
> Monitor)
>
> Cheers
> Ken
>
>
> "Anthony Yates" <anthony.spam@spammedout.com> wrote in message
> news:uOCNdTdeGHA.1272@TK2MSFTNGP03.phx.gbl...
>
>
|
|
|
|
|