Hi!
Here is the description of the problem I'm expecting.
I'm starting ntop:
# ntop --sticky-hosts --max-table-rows=0 --create-suspicious-packets
--refresh-time=60 --http-server=0 --https-server=443 --no-fc
--no-invalid-lun --w3c
Trying to connect to https://my.ip.add.ress
I'm being prompted for user and password.
I'm entering the username, password... But everything after the eight
symbol in password is ignored!
I.E., we entering this:
user: admin
pass: password
Ntop accepts this and we are logged on.
Then we're reopening browser, trying to connect to
https://my.ip.add.ress again, and entering:
user: admin
pass: password_blablabla
And... We're logged in again!
So there only first eight symbols in password are checked. The rest is
ignored!
Tested on ntop-3.1 and ntop-3.2rc1 (cvs, 05.09.21), compiled from
sources, configured with '--prefix=/opt/ntop --enable-sslv3
--disable-ipv6' under Mandrake Linux 10.0 (128M RAM, OpenSSL 0.9.7c 30
Sep 2003) and Slackware 9.0 (256M RAM, OpenSSL 0.9.8 05 Jul 2005).
Is this a bug? ...or a feature?
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
