httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: basic auth broken
Date Mon, 01 Feb 1999 01:40:22 GMT
On Sun, 31 Jan 1999, Rasmus Lerdorf wrote:

> > > And I don't think we can have it both ways.  We can't both create passwd
> > > files that are cross-platform and also ensure that they work natively.  If
> > 
> > That isn't what we care about.  We care about being able to make a passwd
> > file that will work on any platform, _or_ making one that will work on the
> > native platform.  Now, that portable format may be the native format
> > sometimes and vice versa, but that is just a side effect.
> 
> Why don't we care about native compatibility?  I have two sites, for
> example, where the password file I use for Apache is the same password
> file I use for a CVS pserver.  If suddenly Apache starting using some
> "portable" format which did not match the native encryption I was using to
> generate my password file for my CVS system, things would get messy.  I
> would have to get in there and hack one of them.

No, we care about both of them.  We need a portable format.  We also need
the native format.  But we do not need any array of various native
formats, etc.  All we need is a single native format for each platform,
exactly like it is now.  The only thing that is changing is the addition
of an _optional_ portable format, which happens to also be used on
platforms where there is no native format.

This whole issue is about how we can tell, while reading it, if the
password we are reading from the htpasswd file is in native or portable
format.


Mime
View raw message