Return-Path: 
 <modperl-return-15588-apmail-modperl-archive=apache.org@apache.org>
Delivered-To: apmail-modperl-archive@apache.org
Received: (qmail 29215 invoked by uid 500); 5 Apr 2001 17:45:00 -0000
Mailing-List: contact modperl-help@apache.org; run by ezmlm
Precedence: bulk
list-help: <mailto:modperl-help@apache.org>
list-unsubscribe: <mailto:modperl-unsubscribe@apache.org>
list-post: <mailto:modperl@apache.org>
Delivered-To: mailing list modperl@apache.org
Received: (qmail 29199 invoked from network); 5 Apr 2001 17:44:58 -0000
Sender: tyr@cathedral.teiresias.net
Message-ID: <3ACCAF2F.2EDE5E39@teiresias.net>
Date: Thu, 05 Apr 2001 11:45:19 -0600
From: Bolt Thrower <tyr@teiresias.net>
Organization: Damage, Inc.
X-Mailer: Mozilla 3.04Gold (X11; I; Linux 2.4.2 i686)
MIME-Version: 1.0
To: modperl@apache.org
Subject: Apache::AuthTicket and MD5 question
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Rating: h31.sny.collab.net 1.6.2 0/1000/N

In version 0.20 of Apache::AuthTicket, there are a few calls to
Digest::MD5->md5_hex().  According to the documentation for Digest::MD5,
md5_hex is a function, not a method call.  So, for example, when
AuthTicket compares my password to the MD5 digest in my database that
was placed there by php (md5()), it's essentially doing an md5sum of
("Digest::MD5","password"), which needless to say doesn't match the
string that's in the database.

Shouldn't these md5_hex calls be changed to Digest::MD5::md5_hex()?
-- 
Steve Chadsey <tyr@teiresias.net>
Now playing: The Veils of Negative Existence
(Manilla Road - "Crystal Logic")