Date: Mon, 7 Jul 2008 09:02:44 -0400 From: Bill Moran <wmoran@potentialtech.com> To: "Odhiambo Washington" <odhiambo@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: .htaccess or OS related? Message-ID: <20080707090244.febdf06c.wmoran@potentialtech.com> In-Reply-To: <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com> References: <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707082222.eac3bbf6.wmoran@potentialtech.com> <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In response to "Odhiambo Washington" <odhiambo@gmail.com>: > I wonder whether the hosting provider will let the OP install > mod_whatever, even, if he could not be allowed to use htpasswd. I suppose, but if the OP is concerned about the security of his data beyond what the htpasswd command can do, he probably needs to get his data off a shared host anyway. > On 7/7/08, Bill Moran <wmoran@potentialtech.com> wrote: > > In response to "Jos Chrispijn" <jos@webrz.net>: > > > >> I ran into a problem last night that I was able to solve, but generated a > >> question: > >> > >> I have this hosting provider (uses Debian OS) on which I can't use > >> htpasswd > >> to generate user and password to protect a single file. > >> > >> To have this done I solved it as follows: did a htpasswd on my own server > >> (FreeBSD 7) and simply copied the file with the user:password (scrambled) > >> to > >> my home directory I have with this hosting provider and referred in the > >> .htaccess to it. And now comes the fun stuff: it worked without probs. > >> > >> > >> So the algorithm that is used on FreeBSD to scramble a user password is > >> the > >> same as it is used by Debian? Isn't that a security gap? > > > > The algorithm is part of Apache and has little or nothing to do with > > the OS on which it runs. > > > > And the encryption used to store passwords in .htaccess files is known > > to be weak. If you need something strong, look to one of the other mod_* > > security packages instead of .htaccess passwords. > > > > -- > > Bill Moran > > http://www.potentialtech.com > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > -- > Sent from Google Mail for mobile | mobile.google.com > > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > > "Oh My God! They killed init! You Bastards!" > --from a /. post > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Bill Moran http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080707090244.febdf06c.wmoran>