httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From José Miguel Holguín Aparicio <jholg...@pentester.es>
Subject Authentication Basic default format
Date Wed, 21 Oct 2009 09:07:05 GMT
Hi,

I have a question about htpasswd when creating password hashes for
"Basic Authentication". Why there isn't any warning message regarding
password truncate to 8 characters?

As you can see at your own documentation
(http://httpd.apache.org/docs/2.2/misc/password_encryptions.html),
OpenSSL is already warning us about this issue.


In my opinion htpasswd command must show a warning message like
OpenSSL does. Do you agree?

Thanks in advance.
Regards

-- 
José Miguel Holguín
Security Technical Consultant
Carnegie Mellon Certified (FIH)

http://www.pentester.es

Mime
View raw message