apr-dev mailing list archives

From Stas Bekman <s...@stason.org>
Subject Re: apr_password_validate on win32 silently mishandles crypted hashes
Date Thu, 27 May 2004 17:16:35 GMT
rbb@rkbloom.net wrote:
> On Wed, 26 May 2004, William A. Rowe, Jr. wrote:
>>At 09:05 PM 5/26/2004, Stas Bekman wrote:
>>>I've posted the following wording:
>>>* Validate hashes created by APR-supported algorithms: md5 and base64.
>>>* hashes created by crypt are supported only on platforms that provide
>>>* crypt(3), so don't rely on that function unless you know that your
>>>* application will be run only on platforms that support it.
>>>* @param passwd The password to validate
>>>* @param hash The password to validate against
>>>Is that good enough?
>>_Please_ use @bug to document any platform specific, unpredictable,
>>or wildly incorrect behavior.  The days of /* XXX: */ should be long gone
>>now that doxygen will tabulate all our problems for us :)
> One more time now, this isn't a bug.  Labeling platform specific behaviour
> a bug isn't correct.  Especially not in this case, where the code works,
> it just doesn't accept all possible data on some platforms.  This wording
> looks fine to me.  I'll try to apply it tonight (no promises at all,
> between a wife who is due today and house guests, coding time is probably
> shot to hell for a while, so somebody else should try to beat me to this).

And while you are at it, Ryan, please add a note regarding that clear text 
matching, both in the docs and the code itself. So in the future you get this 
question again and again.

Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
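
An added example, not part of the original message and not APR's own code: a small Python audit that lists htpasswd-style entries that are not in one of APR's own formats, including those that depend on crypt(3), which is the case the proposed doc wording warns about. `$apr1$` and `{SHA}` are the prefixes APR uses for its MD5 and SHA1/base64 formats; the function names, regexes and sample entries are constructed for illustration.

```python
import base64
import binascii
import re

# $apr1$<salt, 1-8 chars>$<22-char digest> is APR's MD5 format.
APR1_RE = re.compile(r"^\$apr1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# Traditional DES crypt(3) output: 13 characters from the crypt alphabet.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(hash_value):
    """Return 'apr1-md5', 'sha1-base64', 'crypt' or 'unrecognized'."""
    if hash_value.startswith("$apr1$"):
        return "apr1-md5" if APR1_RE.match(hash_value) else "unrecognized"
    if hash_value.startswith("{SHA}"):
        try:
            digest = base64.b64decode(hash_value[5:], validate=True)
        except (binascii.Error, ValueError):
            return "unrecognized"
        return "sha1-base64" if len(digest) == 20 else "unrecognized"
    # Other "$id$" schemes and 13-char DES hashes need the platform's crypt(3).
    if hash_value.startswith("$") or DES_CRYPT_RE.match(hash_value):
        return "crypt"
    return "unrecognized"


def audit(lines):
    """Return (user, kind) for every entry that is not in a portable format."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, rest = line.partition(":")
        kind = classify(rest.split(":", 1)[0]) if sep else "malformed"
        if kind not in ("apr1-md5", "sha1-base64"):
            findings.append((user, kind))
    return findings


# Constructed sample entries (placeholders, not real password hashes).
SAMPLE = [
    "alice:$apr1$abcdefgh$" + "x" * 22,
    "bob:{SHA}" + base64.b64encode(bytes(20)).decode(),
    "carol:ab" + "x" * 11,
    "dave:{SHA}notbase64!",
    "no-colon-line",
]
```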
