https://stackoverflow.com/questions/22544938
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianThe user's name and password will be sent with every HTTP request under the protected directory. The user will only be asked (usually) on the first try until you close and reopen the browser.
Here is a good overview.
htpasswd security - sent in non-protected requests?
题
I understand htpasswd is pretty secure if done through SSL. Question:
I visit directory "mysite.com/protected/" (https) and log in via htaccess/htpasswd. In the same browser I open up a new tab to "mysite.com/unprotected/" (http).
Is the user/pass transmitted in the second request, or only when accessing the /protected/ directory?
解决方案
不隶属于 StackOverflow
