From: Luke <sl...@li...> - 2006-09-18 03:20:30
On Sun, 17 Sep 2006, Hugh Esco wrote:

> Trevor Hennion's strategy (which would require of me, only the addition of
> the "AuthType Basic" piece) is so far looking like my best step forward.
>
> I'm concerned by something I read once though which suggested that this
> form of authentication happens before the encrypted connection is made and
> outside of that tunnel, making it vulnerable to sniffing.
>
> Can anyone say definitively whether that is the case?

I can say definitively that it is not the case--that is: the authentication via HTTP auth basic, does indeed travel over the SSL connection.

Luke
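
The Basic credentials are an HTTP request header, so they are protected only when the request itself is made over SSL. An added Apache configuration example (not from the thread or its participants; the host name, file paths and realm are placeholders) that keeps the "AuthType Basic" area from ever being served on the plaintext port:

```apache
# Added example. www.example.org, the certificate paths and the
# htpasswd path are placeholders, not values from the thread.

<VirtualHost *:80>
    ServerName www.example.org
    # Do not issue a Basic challenge on the plaintext port;
    # send clients to the HTTPS URL before any credentials are requested.
    Redirect permanent /private https://www.example.org/private
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.key

    <Location /private>
        # Refuse any request for this area that did not arrive over SSL.
        SSLRequireSSL
        # Keep that refusal binding even if "Satisfy Any" is in effect.
        SSLOptions +StrictRequire

        AuthType Basic
        AuthName "Restricted"
        AuthUserFile /etc/apache2/htpasswd
        Require valid-user
    </Location>
</VirtualHost>
```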