.htaccess Passwords

Friday, April 3rd, 2009 @ 9:18 PM | Online

For months I’ve been using the wrong password to access my email administration. The strange thing is that I did not discover this until just now, because the web server granted me access all the time. A quick Google search confirmed my suspicion when I found Franz Seidl describing the same behaviour: by default, access control using .htpasswd files takes only the first eight characters into consideration when checking passwords! So keep this in mind if you are protecting folders on your web server by setting up .htaccess files.

Addendum: adminblogger just pointed out to me that you can tell htpasswd which algorithm to use when creating a password hash. See a short example by him at pastebin.
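An added example, not from the original post or the pastebin it links: a small Python audit that reads .htpasswd contents and reports which entries are stored in the traditional crypt() format, the scheme that only considers the first eight characters of a password. The sample entries are constructed placeholders, and the function names are this example's own.

```python
import re

# Traditional crypt(3) DES output: 2 salt chars + 11 hash chars from [./0-9A-Za-z].
# Only the first eight characters of the password influence this hash.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")

# Prefixes that identify the other formats htpasswd can write.
PREFIXES = [
    ("$apr1$", "apr1-md5"),
    ("$2y$", "bcrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
    ("{SHA}", "sha1"),
    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"),
]

def classify(hash_field):
    """Return the name of the scheme a stored hash field appears to use."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    return "unknown"  # e.g. plaintext or a format not listed here

def audit(text):
    """Return (line number, user, scheme) for every entry in .htpasswd text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        user, sep, hash_field = line.partition(":")
        scheme = classify(hash_field) if sep else "malformed"
        findings.append((lineno, user, scheme))
    return findings

def truncating_users(text):
    """Users whose stored hash ignores everything past the eighth character."""
    return [user for _, user, scheme in audit(text) if scheme == "des-crypt"]

# Constructed sample file: placeholder strings, not hashes of real passwords.
SAMPLE = "\n".join([
    "# constructed placeholder entries",
    "alice:abCDEFGHIJKLM",
    "bob:$apr1$saltsalt$0123456789abcdefghijkl",
    "carol:$2y$05$" + "A" * 53,
    "dave:{SHA}" + "A" * 27 + "=",
    "broken line without colon",
])

if __name__ == "__main__":
    for lineno, user, scheme in audit(SAMPLE):
        print(f"line {lineno}: {user}: {scheme}")
```

Entries reported as des-crypt can be regenerated with a different algorithm through htpasswd's options, for example -m for MD5 or, on Apache 2.4, -B for bcrypt.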
