In response to "Jos Chrispijn" <[EMAIL PROTECTED]>:

> I ran into a problem last night that I was able to solve, but generated a
> question:
> I have this hosting provider (uses Debian OS) on which I can't use htpasswd
> to generate user and password to protect a single file. 
> To have this done I solved it as follows: did a htpasswd on my own server
> (FreeBSD 7) and simply copied the file with the user:password (scrambled) to
> my home directory I have with this hosting provider and referred in the
> .htaccess to it. And now comes the fun stuff: it worked without probs.
> So the algorithm that is used on FreeBSD to scramble a user password is the
> same as it is used by Debian? Isn't that a security gap?

The algorithm is part of Apache and has little or nothing to do with
the OS on which it runs.

And the encryption used to store passwords in .htaccess files is known
to be weak.  If you need something strong, look to one of the other mod_*
security packages instead of .htaccess passwords.

Bill Moran
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to