Hi,
I'm sure you know this already, but the admin password is passed in plain text to the server unless you're using SSL.
I'm wondering if there is any add-on I can get, or something I can do to encrypt the admin password before it is sent to the server (currently sent in plain text) - short of buying an SSL certificate. I do have an SSL certificate for another store on the same server, but I'm not sure if it will let me use that certificate for this new domain. I wouldn't care if I got pop-up warnings, as long as it was secure.
My thought was, for people who just want to be able to run the admin area semi-securely without SSL, perhaps you could use a challenge-response system to authenticate the admin area instead of passing a plaintext password? I suppose another option would be to use AuthDigest authentication on the whole admin directory. Would that secure everything that needs to be secured as far as being able to change store settings and data, etc?
-Joe
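
The challenge-response idea raised in the post above, sketched as an added example (not part of the original post or of any store software). The names `AdminServer`, `derive_key` and `client_response`, the salt and the passwords are all constructed for illustration; the server is assumed to store a derived key rather than the password itself.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for illustration only.
SALT = b"constructed-per-user-salt"
ITERATIONS = 100_000


def derive_key(password: str) -> bytes:
    """Key both sides can compute; the server stores this, not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


class AdminServer:
    def __init__(self, stored_key: bytes):
        self.stored_key = stored_key
        self.pending = set()  # nonces issued but not yet used

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Single use: a captured (nonce, response) pair cannot be replayed.
        if nonce not in self.pending:
            return False
        self.pending.discard(nonce)
        expected = hmac.new(self.stored_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


def client_response(password: str, nonce: bytes) -> bytes:
    """What the browser would send: an HMAC over the nonce, never the password."""
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()


def demo() -> dict:
    server = AdminServer(derive_key("constructed-admin-pass"))
    nonce = server.issue_challenge()
    good = client_response("constructed-admin-pass", nonce)
    results = {"login": server.verify(nonce, good)}
    results["replay"] = server.verify(nonce, good)  # same pair sent again
    nonce2 = server.issue_challenge()
    results["wrong_password"] = server.verify(nonce2, client_response("guess", nonce2))
    return results


if __name__ == "__main__":
    print(demo())
```

This keeps the password itself off the wire, but the session cookie and every admin page that follows still travel unencrypted without SSL. The stored key is also password-equivalent for this scheme, so it needs the same protection on the server as the password would.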