.htaccess or OS related?

Odhiambo Washington odhiambo at gmail.com
Mon Jul 7 12:59:00 UTC 2008


I wonder whether the hosting provider will let the OP install
mod_whatever, even, if he could not be allowed to use htpasswd.



On 7/7/08, Bill Moran <wmoran at potentialtech.com> wrote:
> In response to "Jos Chrispijn" <jos at webrz.net>:
>
>> I ran into a problem last night that I was able to solve, but generated a
>> question:
>>
>> I have this hosting provider (uses Debian OS) on which I can't use
>> htpasswd
>> to generate user and password to protect a single file.
>>
>> To have this done I solved it as follows: did a htpasswd on my own server
>> (FreeBSD 7) and simply copied the file with the user:password (scrambled)
>> to
>> my home directory I have with this hosting provider and referred in the
>> .htaccess to it. And now comes the fun stuff: it worked without probs.
>>
>>
>> So the algorithm that is used on FreeBSD to scramble a user password is
>> the
>> same as it is used by Debian? Isn't that a security gap?
>
> The algorithm is part of Apache and has little or nothing to do with
> the OS on which it runs.
>
> And the encryption used to store passwords in .htaccess files is known
> to be weak.  If you need something strong, look to one of the other mod_*
> security packages instead of .htaccess passwords.
>
> --
> Bill Moran
> http://www.potentialtech.com
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

-- 
Sent from Google Mail for mobile | mobile.google.com

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

"Oh My God! They killed init! You Bastards!"
                        --from a /. post


More information about the freebsd-questions mailing list