I've always stayed away from using .htaccess for authenication because I thought it wasn't encrypted near as well as just authenicating through my own php script. I've been trying to find out, that if using an H t t p s://, is the user name and pass sent securily over the SSL?
This may seem like a silly question, but I cannot find an answer to it, and I'm not going to assume anything when it comes to security. Are user and passwords sent before the SSL, or are they sent using the SSL?
