From owner-freebsd-questions@FreeBSD.ORG Mon Jul 7 13:03:48 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 95914106568F for ; Mon, 7 Jul 2008 13:03:48 +0000 (UTC) (envelope-from wmoran@potentialtech.com) Received: from mail.potentialtech.com (internet.potentialtech.com [66.167.251.6]) by mx1.freebsd.org (Postfix) with ESMTP id 627AA8FC15 for ; Mon, 7 Jul 2008 13:03:48 +0000 (UTC) (envelope-from wmoran@potentialtech.com) Received: from vanquish.ws.pitbpa0.priv.collaborativefusion.com (pr40.pitbpa0.pub.collaborativefusion.com [206.210.89.202]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.potentialtech.com (Postfix) with ESMTPSA id 0C492EBC08; Mon, 7 Jul 2008 09:03:46 -0400 (EDT) Date: Mon, 7 Jul 2008 09:02:44 -0400 From: Bill Moran To: "Odhiambo Washington" Message-Id: <20080707090244.febdf06c.wmoran@potentialtech.com> In-Reply-To: <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com> References: <001201c8e02b$9c6e9ed0$d54bdc70$@net> <20080707082222.eac3bbf6.wmoran@potentialtech.com> <991123400807070558r306aeb20w315d8a03ac33e6b3@mail.gmail.com> X-Mailer: Sylpheed 2.4.8 (GTK+ 2.12.9; i386-portbld-freebsd7.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: .htaccess or OS related? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Jul 2008 13:03:48 -0000 In response to "Odhiambo Washington" : > I wonder whether the hosting provider will let the OP install > mod_whatever, even, if he could not be allowed to use htpasswd. I suppose, but if the OP is concerned about the security of his data beyond what the htpasswd command can do, he probably needs to get his data off a shared host anyway. > On 7/7/08, Bill Moran wrote: > > In response to "Jos Chrispijn" : > > > >> I ran into a problem last night that I was able to solve, but generated a > >> question: > >> > >> I have this hosting provider (uses Debian OS) on which I can't use > >> htpasswd > >> to generate user and password to protect a single file. > >> > >> To have this done I solved it as follows: did a htpasswd on my own server > >> (FreeBSD 7) and simply copied the file with the user:password (scrambled) > >> to > >> my home directory I have with this hosting provider and referred in the > >> .htaccess to it. And now comes the fun stuff: it worked without probs. > >> > >> > >> So the algorithm that is used on FreeBSD to scramble a user password is > >> the > >> same as it is used by Debian? Isn't that a security gap? > > > > The algorithm is part of Apache and has little or nothing to do with > > the OS on which it runs. > > > > And the encryption used to store passwords in .htaccess files is known > > to be weak. If you need something strong, look to one of the other mod_* > > security packages instead of .htaccess passwords. > > > > -- > > Bill Moran > > http://www.potentialtech.com > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > > > -- > Sent from Google Mail for mobile | mobile.google.com > > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > > "Oh My God! They killed init! You Bastards!" > --from a /. post > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -- Bill Moran http://www.potentialtech.com