Apache Site: www.apache.org
Release: 1.3.3 (Released 9th October 1998)
Apache 1.3.3 is the current stable release. Users of Apache
1.2.6 and earlier should look at upgrading to this version.
Read Guide to
1.3.3 for information about changes between 1.2 and
Patches for bugs in Apache 1.3.3 will be made available in
the apply_to_1.3.3 subdirectory of the patches
directory on the Apache site. Some new features and other
unofficial patches are available in the 1.3
patches directory. For details of all previously reported
bugs, see the Apache bug
database and known
bugs pages. Many common configuration questions are
answered in the Apache FAQ.
Access to resources on a server can be restricted by
requiring users to supply a username and password. This is
usually done using "basic authentication". However this
results in the password being sent across the network
unencrypted, so anyone intercepting the traffic could see
both the username and password (unless the HTTP communication
is itself encrypted, such as when SSL is in use).
To get around the lack of security with basic authentication,
RFC2069 defines a new method of sending passwords: Digest
Authentication. This encrypts the password such that someone
looking at the traffic cannot get at the password. Note that
neither basic nor digest authentication encrypt the contents
of the server response, so someone viewing traffic could
still get access at the protected document.
RFC2069 is now being revised, and the current draft of a
replacement is available as
HTTP Authentication: Basic and Digest Access
Authentication. This draft documents both the basic and
digest authentication mechanisms.