Apache Authentication - ApacheCon 2005 Caveats Most browsers support this, but not all Content is still passed in the clear Password file is still unindexed plain text The hash itself could be used as a key (if you're really paranoid)
Index Back to Password file Forward to mod_auth_dbm
ApacheCon 2005 : Apache Authentication - Slide #24 of 45