httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: Changed information for PR mod_auth-any/460
Date Thu, 24 Apr 1997 18:54:55 GMT
(moved to new-httpd since few people are following bugdb still...)

Or do we want to implement a config file directive that enables "extended"
password files?  If people don't have to look in the manual to figure out
how to make it work, they won't see any warnings and will have no idea of
the risks. 

On Thu, 24 Apr 1997, Paul Sutton wrote:

> On Thu, 24 Apr 1997, Marc Slemko wrote:
> > We have had 5893 bug reports on this in the past and the response always
> > was "it's a bad thing to do, so we won't support it."
> ...(about ignoring additional colon-delimited fields in htpasswd)...
> Two issues
>   1  Using loging passwords _is_ a bad idea, true. This is a
>      user-documentation issue though (since users can always
>      "cut -f1,2 /etc/passwd > htpasswd" anyway).
>   2  This doesn't mean we should prevent people using extra fields
>      in htpasswd. There have been several (many) patches for this
>      suggested and requested in the past. It is a good idea. There are
>      lots of uses for extra fields. A big +1 for implementation in 1.2.1.
> //pcs

View raw message