How can I encrypt my website traffic?

What is the easiest free method of encrypting my web traffic? I'd like to be able to log in to sites on my web server without sending my password in plaintext.

Edit: My web server is running on the LAMP stack, although it is a shared host so I don't have root.

Answers


Get an X.509 certificate (for example, generating your own, or getting one free from StartSSL), and use it to set up SSL—a server-specific configuration task.

If you can't configure a new listener in your web server, there's not really a good option. In theory you could do a little hacking with some JavaScript crypto library, like JavaScrypt, and come up with something safe. I've toyed with several options but I don't know enough about it to come up with anything I feel confident about.

I don't know your circumstances, but if it were me, I'd consider another host.


https

Use a self-signed certificate.

Tell us your web server software for a detailed implementation description!


Since you don't have root your best bet is to contact your hosting provider and see what they can do for you. You may already have SSL access (try using https://yourdomain.com) using a self-certified key.

You should be able to talk them into installing a StartSSL key for you. This provides you with SSL encryption and browsers won't complain that it isn't signed by a valid Certificate Authority.


As stated above, publishing your own certification is free; however, knowing more about your environment may get you more specific answers. Are you running IIS? What will you be logging into that needs encryption? Are you using Windows Servers on the back end?


Use Digest Authentication. Since you're on LAMP, you can configure it on Apache with mod_auth_digest.


Since you are trying to reduce costs, any SSL solutions will probably not be an option.

First, it requires a signed certificate that costs a bit; the free ones are not always included in all web browsers.

Second, to be able to utilize an SSL certificate, your server IP must be dedicated to you. This is not the case in every cheap web hosting option. There are technologies that in the future will make it possible to host multiple SSL-enabled sites on a single IP, but it's not here yet.

As mentioned before, Digest Authentication is one option that doesn't require an SSL certificate or a dedicated IP. It's a method of authentication that doesn't reveal your password even though everything else in the communication is unprotected. In Apache this can be applied in individual directories by specific .htaccess files. I'll repeat the previous link on mod_auth_digest. This one is usually already installed on most servers, so you won't have to ask your web hosting provider.


You don't always require root access to set up Apache to use SSL, but you will likely need to modify config files, which is done either through your provider's interface or via files via a shell account. Either way you will need a server certificate: either self-signed, from a major company like Verisign, or one of the smaller free places like cacert.org. As noted by others, this does require a dedicated IP to your server or instance on the server.

I would recommend SSL first, but mod_auth_digest isn't a bad backup idea.

