Hi .. I have an Apache 1.3.12 server with MySql compiled in. I recently added mod_auth_mysql which is now working nicely. All my passwords are stored using MySql scrambling. However, when I log in to an area requiring authentication, am I right in thinking that the login box accepts the password as plain text, and therefore I am still at risk from sniffers etc ? I feel that if someone tried to "steal" my database, the encrypted passwords would be safe(r) than plain text.

Can anyone suggest an alternative method, or will I have go through the agony of trying to get SSL working again ?

TIA !