httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Trawick" <traw...@gmail.com>
Subject [PATCH] htdbm: warn crypt-enabled users that plaintext format won't work
Date Mon, 03 Apr 2006 22:47:57 GMT
Index: support/htdbm.c
===================================================================
--- support/htdbm.c     (revision 390811)
+++ support/htdbm.c     (working copy)
@@ -308,6 +308,10 @@
         case ALG_PLAIN:
             /* XXX this len limitation is not in sync with any HTTPd len. */
             apr_cpystrn(cpw,htdbm->userpass,sizeof(cpw));
+#if APR_HAVE_CRYPT_H
+            fprintf(stderr, "Warning: Plain text passwords aren't
supported by the "
+                    "server on this platform!\n");
+#endif
         break;
 #if APR_HAVE_CRYPT_H
         case ALG_CRYPT:

FWIW, when you choose crypt() you see "CRYPT is now deprecated, use
MD5 instead!"

As I understand the plaintext password issue:

In the database file, there are special denotations for md5 and sha1

password hashes, and if there is no denotation then the server expects

(defaults to) crypt() format.  But on Windows no crypt() function is

available, so no denotation means plaintext format there.



1) design issue: file format doesn't have a delimeter for plain text, so a

server on Unix has no way to support plaintext passwords



2) usability issue: htdbm doesn't warn users on platforms with crypt() that

it is fruitless to specify plaintext format for password

Mime
View raw message