httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: [users@httpd] Strange .htaccess password behavior
Date Fri, 31 Jul 2009 21:03:21 GMT
On Fri, Jul 31, 2009 at 3:47 PM, Scott Yoshinaga<kawaiichise@gmail.com> wrote:
> Hi all,
>
> I was wondering if any of you have ever experienced a problem with .htaccess
> like the one I am experiencing. To be upfront, I am running a standard
> install of Mac OSX 10.5.7 with MacPorts and apache2/php5/mysql5 on a new
> Quad Core Xenon MacPro. Apache versionĀ 2.2.11
>
> When I access a password protected page, it will accept the correct username
> and password. This is normal. What isn't normal is that I can also get to
> the page by using the correct username and password with anything else at
> the end of it!
>
> for example:
> password: helloworld
> will allow access, but so will
> password: helloworldthisismoretext
> and anything else for that matter.
>
> Not sure what the problem is but i've done everything I can think of to get
> it NOT to work that way.
>
> I have another server running almost the same configuration and it doesn't
> have this issue at all.
>
> Have any of you see this?
>

crypt()-based passwords truncate to 8 characters.  You can probably
find lots of discussion about it with that extra keyword.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message