Mark Constable wrote:
Using apache 2.2.4 with mod_auth_basic, mod_dbd and
mod_authn_dbd (with apr-util compiled with sqlite3
support) it seems that only the first 8 characters
of an incoming password are compared to the crypted
version stored in the database!
When you use the crypt algorithm, only the first 8 password characters
are considered. See the htpasswd docs at:
http://httpd.apache.org/docs/2.2/programs/htpasswd.html#security
-tom-
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
