.htaccess or OS related?

Bill Moran wmoran at potentialtech.com
Mon Jul 7 13:03:48 UTC 2008 

In response to "Odhiambo Washington" <odhiambo at gmail.com>:

> I wonder whether the hosting provider will let the OP install
> mod_whatever, even, if he could not be allowed to use htpasswd.

I suppose, but if the OP is concerned about the security of his data
beyond what the htpasswd command can do, he probably needs to get his
data off a shared host anyway.

> On 7/7/08, Bill Moran <wmoran at potentialtech.com> wrote:
> > In response to "Jos Chrispijn" <jos at webrz.net>:
> >
> >> I ran into a problem last night that I was able to solve, but generated a
> >> question:
> >>
> >> I have this hosting provider (uses Debian OS) on which I can't use
> >> htpasswd
> >> to generate user and password to protect a single file.
> >>
> >> To have this done I solved it as follows: did a htpasswd on my own server
> >> (FreeBSD 7) and simply copied the file with the user:password (scrambled)
> >> to
> >> my home directory I have with this hosting provider and referred in the
> >> .htaccess to it. And now comes the fun stuff: it worked without probs.
> >>
> >>
> >> So the algorithm that is used on FreeBSD to scramble a user password is
> >> the
> >> same as it is used by Debian? Isn't that a security gap?
> >
> > The algorithm is part of Apache and has little or nothing to do with
> > the OS on which it runs.
> >
> > And the encryption used to store passwords in .htaccess files is known
> > to be weak.  If you need something strong, look to one of the other mod_*
> > security packages instead of .htaccess passwords.
> >
> > --
> > Bill Moran
> > http://www.potentialtech.com
> > _______________________________________________
> > freebsd-questions at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> >
> 
> -- 
> Sent from Google Mail for mobile | mobile.google.com
> 
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> 
> "Oh My God! They killed init! You Bastards!"
>                         --from a /. post
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"


-- 
Bill Moran
http://www.potentialtech.com

More information about the freebsd-questions mailing list