Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Jul 2008 15:58:59 +0300
From:      "Odhiambo Washington" <odhiambo@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: .htaccess or OS related?
Message-ID:  <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com>
In-Reply-To: <20080707082222.eac3bbf6.wmoran@potentialtech.com>
References:  <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707082222.eac3bbf6.wmoran@potentialtech.com>

next in thread | previous in thread | raw e-mail | index | archive | help
I wonder whether the hosting provider will let the OP install
mod_whatever, even, if he could not be allowed to use htpasswd.



On 7/7/08, Bill Moran <wmoran@potentialtech.com> wrote:
> In response to "Jos Chrispijn" <jos@webrz.net>:
>
>> I ran into a problem last night that I was able to solve, but generated a
>> question:
>>
>> I have this hosting provider (uses Debian OS) on which I can't use
>> htpasswd
>> to generate user and password to protect a single file.
>>
>> To have this done I solved it as follows: did a htpasswd on my own server
>> (FreeBSD 7) and simply copied the file with the user:password (scrambled)
>> to
>> my home directory I have with this hosting provider and referred in the
>> .htaccess to it. And now comes the fun stuff: it worked without probs.
>>
>>
>> So the algorithm that is used on FreeBSD to scramble a user password is
>> the
>> same as it is used by Debian? Isn't that a security gap?
>
> The algorithm is part of Apache and has little or nothing to do with
> the OS on which it runs.
>
> And the encryption used to store passwords in .htaccess files is known
> to be weak.  If you need something strong, look to one of the other mod_*
> security packages instead of .htaccess passwords.
>
> --
> Bill Moran
> http://www.potentialtech.com
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

-- 
Sent from Google Mail for mobile | mobile.google.com

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
                        --from a /. post



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?991123400807070558r306aeb20w315d8a03ac33e6b3>