.htaccess or OS related?

Bill Moran wmoran at potentialtech.com
Mon Jul 7 12:23:26 UTC 2008


In response to "Jos Chrispijn" <jos at webrz.net>:

> I ran into a problem last night that I was able to solve, but it generated a
> question:
> 
> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
> to generate a user and password to protect a single file.
> 
> To have this done I solved it as follows: did a htpasswd on my own server
> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
> my home directory I have with this hosting provider and referred in the
> .htaccess to it. And now comes the fun stuff: it worked without probs.
> 
> 
> So the algorithm that is used on FreeBSD to scramble a user password is the
> same as the one used by Debian? Isn't that a security gap?

The algorithm is part of Apache and has little or nothing to do with
the OS on which it runs.

And the encryption used to store passwords in .htaccess files is known
to be weak.  If you need something strong, look to one of the other mod_*
security packages instead of .htaccess passwords.

-- 
Bill Moran
http://www.potentialtech.com
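
Added example, not part of the original thread: the password field in an htpasswd file identifies its own hash scheme, which is why a file generated on one OS verifies on another. The sketch below classifies entries by scheme so weak ones can be flagged, and checks a password against the unsalted `{SHA}` form; the function names, rating labels and sample lines are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import re

# Shapes of the password field written by htpasswd. Ratings are this
# example's own labels, not output from any Apache tool.
SCHEMES = [
    ("bcrypt",    re.compile(r"^\$2[aby]\$\d{2}\$[./0-9A-Za-z]{53}$"), "preferred"),
    ("apr1-md5",  re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$"), "legacy"),
    ("sha1",      re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "insecure (unsalted)"),
    ("crypt-des", re.compile(r"^[./0-9A-Za-z]{13}$"), "insecure (8-char limit)"),
]

def classify(line):
    """Return (user, scheme, rating) for one 'user:hash' line."""
    user, _, field = line.strip().partition(":")
    for name, pattern, rating in SCHEMES:
        if pattern.match(field):
            return user, name, rating
    return user, "unknown", "review manually"

def make_sha_entry(password):
    """Build the {SHA} field: base64 of the raw SHA-1 digest, no salt."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def verify_sha(field, password):
    """Constant-time check of a candidate password against a {SHA} field."""
    expected = make_sha_entry(password).encode("ascii")
    return hmac.compare_digest(field.encode("utf-8"), expected)

# Constructed sample file; the apr1/bcrypt/crypt values are shape-only placeholders.
SAMPLE = "\n".join([
    "alice:" + make_sha_entry("password"),
    "bob:$apr1$saltsalt$" + "A" * 22,
    "carol:$2y$05$" + "A" * 53,
    "dave:ab" + "C" * 11,
    "erin:plaintext-or-other",
])

def audit(text):
    """Classify every non-empty, non-comment line of an htpasswd file."""
    return [classify(l) for l in text.splitlines() if l and not l.startswith("#")]

if __name__ == "__main__":
    for user, scheme, rating in audit(SAMPLE):
        print(f"{user:6} {scheme:10} {rating}")
```

The `{SHA}` value depends only on the password bytes, so the same input yields the same field on FreeBSD, Debian or anywhere else.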

