
Apache Web Server Forum

    
htaccess letting me in with wrong password?
migthegreek




msg:4227048
 12:24 pm on Nov 5, 2010 (gmt 0)

I have an htaccess password on a site, and it works fine but I can get into the site using anything I like as long as the first 8 characters are the same as the set password.

e.g. If my password is 'password123'

It will let me in using any of the following:

password4938067
password!
passwordBLKUADH

It always works, as long as the first 8 characters are correct. Anything else is ignored. Could this be the result of a poor encryption tool I used for the htpassword entry or something?

I used 4webhelp.net

My htaccess password block is as follows:

AuthType Basic
AuthName "Website"
AuthUserFile /var/www/websites/.htpasswd
Require user testuser

 

lammert




msg:4227070
 1:30 pm on Nov 5, 2010 (gmt 0)

It depends on the encryption type you use to create the password hash in the .htpasswd file. By default the crypt() function is used, which was the default *nix encryption method for passwords. That encryption method is limited to the first eight characters, as you already noticed. You can use SHA encryption by adding the -s parameter to the htpasswd utility if you create the passwords from a *nix command line. SHA hashes are not limited to the first eight characters of a supplied password.

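Added example (not part of the thread and not Apache's own code): a Python check that reads .htpasswd entries and flags any stored in the traditional 13-character crypt() format, the one that only looks at the first eight characters of the password. It also builds a `{SHA}` entry in the format `htpasswd -s` writes, to show that the whole password is compared; the sample line and its 13-character string are constructed placeholders, not real hashes.

```python
import base64
import hashlib
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample entry; the 13-character field is a placeholder, not a real hash.
SAMPLE = "testuser:ab0123456789.\n"


def classify(hash_field):
    """Return (scheme, truncates_at_8) for one .htpasswd hash field."""
    if hash_field.startswith("{SHA}"):
        return "sha1", False
    if hash_field.startswith("$apr1$"):
        return "apr1-md5", False
    if hash_field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt", False
    if DES_CRYPT.match(hash_field):
        return "des-crypt", True
    return "unknown", False


def audit(htpasswd_text):
    """Return a list of (user, scheme, truncates_at_8), one per entry."""
    results = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hash_field = line.split(":", 1)
        results.append((user, *classify(hash_field)))
    return results


def sha_entry(user, password):
    """Build an entry in the `htpasswd -s` format: {SHA} + base64(SHA-1)."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"


def check_sha(entry, candidate):
    """Verify a candidate password against a {SHA} entry."""
    user = entry.split(":", 1)[0]
    return sha_entry(user, candidate) == entry


if __name__ == "__main__":
    print(audit(SAMPLE + sha_entry("alice", "password123")))
```

Any entry reported as `des-crypt` should be regenerated with another scheme. The `{SHA}` format is unsalted SHA-1; htpasswd also offers `-m` (apr1 MD5) and, in Apache 2.4, `-B` (bcrypt).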
migthegreek




msg:4227092
 2:00 pm on Nov 5, 2010 (gmt 0)

Right, thanks.
