Re: Auth basic only compares first 8 chars

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Mark Constable wrote:

Using apache 2.2.4 with mod_auth_basic, mod_dbd and
mod_authn_dbd (with apr-util compiled with sqlite3
support) it seems that only the first 8 characters
of an incoming password are compared to the crypted
version stored in the database!
When you use the crypt algorithm, only the first 8 password characters are considered. See the htpasswd docs at: 

http://httpd.apache.org/docs/2.2/programs/htpasswd.html#security

-tom-

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux