: More Secure NGINX Authentication than auth_basic I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module
I've been trying to come up with the most secure method of authentication to my reverse proxy in NGINX. I've been using ngx_http_auth_basic_module so far without any issues, but there are apparently some glaring security implications with this setup. Most of these security concerns are not too big of an issue because my site is strictly operating with SSL. I'd still like to secure it as much as possible.
Are there any alternative, superior authentication mechanisms for NGINX?
I'm open to anything; this is not a public service.
More posts by @Lee4591628
2 Comments
Sorted by latest first Latest Oldest Best
Although the question is 2 years old, I would like to keep on answering to it.
The page linked by the accepted answer (https://www.nginx.com/resources/wiki/modules/auth_digest/) is 11 years old and states itself that "... (it) is in need of broader testing before it can be considered secure enough for use in production."
A GitHub page (https://github.com/atomx/nginx-http-auth-digest) is also linked and more recent advice (April 2017) of the authors may found on it: "The module is currently functional but has only been tested and reviewed by its author. And given that this is security code, one set of eyes is almost certainly insufficient to guarantee that it's 100% correct."
So my conclusion is that the accepted answer gives a very interesting module which is unfortunately not advisable for securing sensitive data.
NGINX has a digest authentication module: www.nginx.com/resources/wiki/modules/auth_digest/
Unlike basic authentication, digest authentication does not send user names and passwords in plain text over the internet.
If your site is SSL only, then basic authentication is probably fine. the SSL encrypts the entire session including the user names and passwords.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.