httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Gulizia" <>
Subject [users@httpd] htpasswd with Apache 2.0 - extra characters at the end of the password
Date Wed, 10 Sep 2003 16:06:39 GMT

I have a server that is running Redhat 9.0, and the Apache web server that came with it. 
I am currently working on the security for a website using basic authentication.  I have been
able to successfully get the security to work via .htaccess, as well as just using <Directory>
access via the httpd.conf file.

However in testing I've found that, while you will only gain access to the protected directory
by entering the password, you can also put a bunch of extra characters after the password
and it will still allow access.

I've searched the web, as well as the documentation, and couldn't find anything mentioning
this caveat.  Is this normal, or is there something that perhaps I've missed in my setup that
could be causing this?


Brian Gulizia

View raw message