in reply to Re: Re: Re: Adding a password to Zip compression ?
in thread Adding a password to Zip compression ?

Yes, that's essentially correct.

If the directory is in an ssl-protected place, then the challenge/response (ie, the user/pass sent over the network) will be encased within the cryptographic sleeve.

It goes something like this:

  1. browser makes an https request (ie, tries to access an https/ssl webpage)
  2. webserver responds with server certificate and encryption keys (public key)
  3. browser examines (sometimes with user intervention) the certificate, and accepts the session key
  4. a secure connection (cryptographic sleeve) is created; all traffic between the client/browser and server is encrypted
  5. if the .htaccess is set to require http basic auth, the basic auth challenge is presented (ie, user/pass dialog appears)
  6. user/pass is passed to server, inside SSL crypto sleeve
  7. if valid, server returns contents of requested location, also protected by SSL

and so forth ad nauseum...

  • Comment on Re: Re: Re: Re: Adding a password to Zip compression ?

In Section Seekers of Perl Wisdom