On Tue, Apr 29, 2008 at 2:21 AM, Marta Gros Marín <mgros@xxxxxxxxx> wrote: > Hi, thanks for answering. Can you please tell me why it is better to > manipulate the password file directly rather than calling htdigest or > htpasswd? thanks. Mostly for security reasons, really (although it would be much faster, as well). Whenever you call an external program from a CGI script, you run the risk of all the different types of shell exploits that can get you. Plus neither of these programs was explicitly designed to be called from the web. They therefore may or may not be safe for that purpose in other ways. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|