httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: feature request (fwd)
Date Wed, 09 Aug 1995 17:46:24 GMT
On Wed, 9 Aug 1995, Florent Guillaume wrote:
> > Since both Apache/htpasswd and login(1) use the same function to
> > encrypt passwords, you'd think that you could just say:
> > 
> >     AuthUserFile    /etc/passwd
> 
> It is evil to use the system passwords for the WWW, because
> these passwords are sent in clear to whoever asks them.

I'd use the term "unwise", but yeah, I agree that it shouldn't be 
suggested or necessarily enabled in our setup.  MD5 authentication is 
going to require storing something other than the crypted password 
anyways.

	Brian

--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
brian@organic.com  brian@hyperreal.com  http://www.[hyperreal,organic].com/


Mime
View raw message