From owner-freebsd-questions@FreeBSD.ORG Mon Jul 7 12:59:00 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7D0021065685 for ; Mon, 7 Jul 2008 12:59:00 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.27]) by mx1.freebsd.org (Postfix) with ESMTP id 2E1CF8FC23 for ; Mon, 7 Jul 2008 12:59:00 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: by qw-out-2122.google.com with SMTP id 9so1243qwb.7 for ; Mon, 07 Jul 2008 05:58:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=vvwukwzvtZr5EZx3WsL80GIQbXJo9/tHF9e51Mz05Ow=; b=nc6p6aPlR7im+rNl2sGzQ29SdwIEngMoP/DNsAo3o4hzYEdCdgDZ24zoJ9S3ir9/7Y ePfah8+CpEbobEX8mVdZ2xU8z0oQBVdlTUgF/XyfwqIGOCPe/PfY1euK3IkXL8Ax/Y2B /0b9O0QuNknjG7kpNvDm5tBQzU/veWWBTZXP4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=Ev8sxyYAKbXFr2jBox+auh6yTGR2ST6JJ1CuuwHhz8/qH6FFAwz6AXheq8cL0V98/9 aLlljusGZU9uI+j3UcthGpLNBavAWvsgOjjRIHuqlC37tRNXrch12U2J187g9MRt1InE UZUZ9Mq+gF8+zqujPdAmXcatmzJ4xuJ2Pmfxg= Received: by 10.151.154.20 with SMTP id g20mr8203019ybo.59.1215435539207; Mon, 07 Jul 2008 05:58:59 -0700 (PDT) Received: by 10.150.219.9 with HTTP; Mon, 7 Jul 2008 05:58:59 -0700 (PDT) Message-ID: <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com> Date: Mon, 7 Jul 2008 15:58:59 +0300 From: "Odhiambo Washington" To: freebsd-questions@freebsd.org In-Reply-To: <20080707082222.eac3bbf6.wmoran@potentialtech.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707082222.eac3bbf6.wmoran@potentialtech.com> Subject: Re: .htaccess or OS related? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2008 12:59:00 -0000 I wonder whether the hosting provider will let the OP install mod_whatever, even, if he could not be allowed to use htpasswd. On 7/7/08, Bill Moran wrote: > In response to "Jos Chrispijn" : > >> I ran into a problem last night that I was able to solve, but generated a >> question: >> >> I have this hosting provider (uses Debian OS) on which I can't use >> htpasswd >> to generate user and password to protect a single file. >> >> To have this done I solved it as follows: did a htpasswd on my own server >> (FreeBSD 7) and simply copied the file with the user:password (scrambled) >> to >> my home directory I have with this hosting provider and referred in the >> .htaccess to it. And now comes the fun stuff: it worked without probs. >> >> >> So the algorithm that is used on FreeBSD to scramble a user password is >> the >> same as it is used by Debian? Isn't that a security gap? > > The algorithm is part of Apache and has little or nothing to do with > the OS on which it runs. > > And the encryption used to store passwords in .htaccess files is known > to be weak. If you need something strong, look to one of the other mod_* > security packages instead of .htaccess passwords. > > -- > Bill Moran > http://www.potentialtech.com > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- Sent from Google Mail for mobile | mobile.google.com Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ "Oh My God! They killed init! You Bastards!" --from a /. post