Clever Geek Handbook

How can I encrypt my website traffic?

What's an easy way to encrypt my web traffic? I would like to be able to login to sites on my web server without sending my password in plain text.

Edit: My web server runs on a LAMP stack, although it's a shared host, so I don't have root.

+1


source to share


7 replies


Obtain an X.509 certificate (for example, create your own or exempt it from StartSSL ) and use it to customize the SSL configuration for your specific server configuration.

If you can't set up a new listener on your web server, there really isn't a good option. In theory, you could hack some JavaScript scripting library like JavaScrypt a bit and come up with something safe. I've played around with several options, but I don't know enough about it to come up with everything I feel about.



I don't know your circumstances, but if it were me, I would think of a different host.

+3


source


HTTPS

Use a self-signed certificate.



Tell us your web server software for full descriptions!

+1


source


Since you don't have root, it's best to contact your hosting provider and see what they can do for you. You may already have access to SSL (try using https://yourdomain.com ) with a self-certified key.

You should be able to talk about installing StartSSL for you. This gives you SSL encryption and browsers won't complain that it isn't signed by a valid CA.

+1


source


As stated above, publishing your own certificate is free, however, knowing more about your environment can give you more specific answers. Are you using IIS? Why do you need encryption? Are you using Windows servers on the back?

0


source


use Authentication Digest . Since you are on LAMP, you can configure it on Apache using mod_auth_digest .

0


source


Since you are trying to keep costs down, any ssl solutions will probably fail.

It first requires a signed certificate which costs a little, the free ones are not always included in all web browsers.

Secondly, in order to use an ssl certificate, your IP server must be dedicated to you. This is not the case with every cheap web hosting option. There are technologies that in the future will allow multiple ssl-enabled sites to be hosted on the same IP address, but this has not been done yet.

As mentioned earlier, Digest Authentication is one of the options that does not require an ssl certificate or dedicated ip. This is an authentication method that does not reveal your password, even if everything else in the message is unsecured. In Apache, this can be applied in separate directories by specific .htaccess files. I'll repeat the previous link to mod_auth_digest . This is usually already installed on most servers, so you won't need to ask your web hosting provider.

0


source


You don't always need root access to configure Apache to use SSL, but you will most likely need to modify configuration files that are either executed through your ISP's interface or through files through a shell account. In any case, you need a server certificate; either on its own, or from a large company like Verisign, or in one of the smaller free sites like cacert.org.As others have pointed out, this requires a dedicated IP address of your server or instance on the server.

I would recommend SSL first, but mod_auth_digest is not a bad backup idea.

0


source






More articles:


All Articles