Topic: web secure password

[oldi]

I have just installed SME 6.0 only as a webserver and am trying to set up a web site which will ask for a password. Have followed the steps from the documentations, by creating an ibay, and everything seem to work ok. I read in the documentation that ftp transmits all passwords in the clear without encryption. This might be a security problem. I havent' allowed any ftp connection in the remote access. Everyone will see the information only as a web site. However i wasn't sure whether still the password is transmited in the clear. Or does that apply only to ftp connections?

If yes,how can i make the password to be encrypted? Do i need to enable SSH, and any special ports? If yes how do i do it? I am a complete newbie so a step to step guide would be appriciated.

thanks

[Mumm-Ra]

You need to use SSL not SSH if you are using it over http.  SSL run over port 443.
Just type https://<your url> instead of http://<your url>
You will be prompted to accept the certifiacte. You could install the certificate so that you don't keep getting the prompt when you visit the page.
There is a how-to on how to install a SSL certificate from a CA so that you won't get the prompt.  Search the forums for instantssl or freessl (both very cheap CA's)
The only problem is that unless you modify the httpd.conf file the ibay can still be browsed using normal http.
You can create a custom httpd fragment to say only allow secure httpd for the ibay.  Again a search on this will lead you in the right direction.