More Secure NGINX Authentication than auth_basic

Although the question is 2 years old, I would like to add an answer to it.

The page linked by the accepted answer (https://www.nginx.com/resources/wiki/modules/auth_digest/) is 11 years old and states itself that "... (it) is in need of broader testing before it can be considered secure enough for use in production."

A GitHub page (https://github.com/atomx/nginx-http-auth-digest) is also linked, and more recent advice (April 2017) from the authors may be found on it: "The module is currently functional but has only been tested and reviewed by its author. And given that this is security code, one set of eyes is almost certainly insufficient to guarantee that it's 100% correct."

So my conclusion is that the accepted answer gives a very interesting module which is unfortunately not advisable for securing sensitive data.


NGINX has a digest authentication module: https://www.nginx.com/resources/wiki/modules/auth_digest/

Unlike basic authentication, digest authentication does not send user names and passwords in plain text over the internet.

If your site is SSL only, then basic authentication is probably fine. The SSL encrypts the entire session including the user names and passwords.