Date:      Mon, 7 Jul 2008 08:22:22 -0400
From:      Bill Moran <wmoran@potentialtech.com>
To:        "Jos Chrispijn" <jos@webrz.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: .htaccess or OS related?
Message-ID:  <20080707082222.eac3bbf6.wmoran@potentialtech.com>
In-Reply-To: <001201c8e02b$9c6e9ed0$d54bdc70$@net>
References:  <001201c8e02b$9c6e9ed0$d54bdc70$@net>

In response to "Jos Chrispijn" <jos@webrz.net>:

> I ran into a problem last night that I was able to solve, but generated a
> question:
> 
> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
> to generate user and password to protect a single file. 
> 
> To have this done I solved it as follows: did a htpasswd on my own server
> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
> my home directory I have with this hosting provider and referred in the
> .htaccess to it. And now comes the fun stuff: it worked without probs.
> 
> 
> So the algorithm that is used on FreeBSD to scramble a user password is the
> same as it is used by Debian? Isn't that a security gap?

The algorithm is part of Apache and has little or nothing to do with
the OS on which it runs.

And the encryption used to store passwords in .htaccess files is known
to be weak.  If you need something strong, look to one of the other mod_*
security packages instead of .htaccess passwords.

-- 
Bill Moran
http://www.potentialtech.com
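
An added example, not part of the original message: a small Python audit that reads the scheme of each htpasswd entry from its prefix and verifies a `{SHA}` entry in pure Python, with no call into the operating system, which is why such an entry checks out the same on any host. The function names and sample entries are constructed for illustration; the apr1, bcrypt and crypt values are dummies.

```python
import base64
import hashlib
import hmac

CRYPT_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
# Unsalted SHA-1, and DES crypt (only the first 8 password characters count).
WEAK = {"sha1", "des-crypt", "unknown"}

def sha_entry(password):
    """Build the {SHA} form: base64 of the raw, unsalted SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "{SHA}" + base64.b64encode(digest).decode()

# Constructed sample file contents (hypothetical users).
SAMPLE = "\n".join([
    "alice:" + sha_entry("password"),
    "bob:$apr1$Zx9kQ1aB$0123456789abcdefghijk.",
    "carol:$2y$05$" + "a" * 53,
    "dave:rqXexS6ZhobKA",
])

def classify(hash_field):
    """Name the scheme of one htpasswd hash field from its prefix or shape."""
    if hash_field.startswith("{SHA}"):
        return "sha1"
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"          # Apache's own salted MD5 variant
    if hash_field.startswith("$2y$"):
        return "bcrypt"
    if len(hash_field) == 13 and set(hash_field) <= CRYPT_CHARS:
        return "des-crypt"         # traditional crypt()
    return "unknown"               # plaintext or an unsupported format

def verify_sha(password, hash_field):
    """Check a {SHA} entry; the result does not depend on the host OS."""
    return hmac.compare_digest(sha_entry(password).encode(), hash_field.encode())

def audit(text):
    """Return [(user, scheme)] for every user:hash line of an htpasswd file."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            user, hash_field = line.split(":", 1)
            results.append((user, classify(hash_field)))
    return results

def weak_users(text):
    """Users whose entries use a scheme listed in WEAK."""
    return [user for user, scheme in audit(text) if scheme in WEAK]
```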
