You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Rob Hartill <ha...@hyperreal.com> on 1995/06/02 19:19:34 UTC

problem with DBM authorization (fwd)

Forwarded message:
> From hayne@crim.ca  Thu Jun  1 20:45:49 1995
> Message-Id: <95...@chan.crim.ca>
> Date: Fri, 02 Jun 95 03:45:42 0400
> From: Cameron Hayne <ha...@crim.ca>
> Organization: Centre de recherche informatique de Montr�al
> X-Mailer: Mozilla 1.1N (Macintosh; I; 68K)
> Mime-Version: 1.0
> To: apache-bugs@mail.apache.org
> Subject: problem with DBM authorization
> X-Url: http://www.apache.org/info.html
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain; charset=us-ascii
> 
> I have just started to use the Apache server (version 0.6.5 on an HP735)
> and am quite happy with it. Thanks for making it available !
> 
> But I just encountered what seems to be a bug in the DBM authorization.
> If the username chosen by the user is not all lowercase
> (eg if it is "Peter") then the authorization fails. The access_log
> shows attempts at getting the page and the username is shown in the log
> as "Peter" but the error_log shows that the DBM software is looking
> for "peter" not "Peter".
> The problem would seem to be the call to str_tolower() in the function
> get_dbm_pw() in http_config.c
> I haven't tried changing this yet but a cursory inspection of the
> get_dbm_pw() function makes it seem likely that omitting the call
> to str_to_lower() would be the thing to do.
> 
> 
> 
>