basic auth not working 100%
Ray
gunblad3 at gmail.com
Thu Apr 8 18:51:18 MSD 2010
Yeps that's a shortcoming of crypt(). One way to go around it is to use a 8
char password, but a pretty random string (the "password") as the username
;)
Ray.
On Thu, Apr 8, 2010 at 12:07 AM, Boris Dolgov <boris at dolgov.name> wrote:
> On Wed, Apr 7, 2010 at 7:33 PM, AMP Admin <admin at ampprod.com> wrote:
> > On one of my boxes I noticed that if the password is only half the string
> it
> > will authenticate.
> > Should be:
> > Username: tester
> > Pass: ThisPassword1234#&^
> > But the following authenticates:
> > Username: tester
> > Pass: ThisPassword
> > Can anyone confirm this behavior?
>
> ThisPass will also authenticate - crypt() uses only first 8 symbols of
> the password.
>
> --
> Boris Dolgov.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20100408/c44fd843/attachment.html>
More information about the nginx
mailing list