Posted to apache-bugdb@apache.org by co...@decus.org on 1997/04/24 16:46:15 UTC

Changed information for PR mod_auth-any/460

Synopsis: Password-Files must at most have two columns

State-Changed-From-To: open-suspended
State-Changed-By: coar@decus.org
State-Changed-When: Thu Apr 24 07:46:15 PDT 1997
State-Changed-Why:
Thank you for the information.  We will see about
implementing this in a future release; it's too late
to get this into 1.2.


Re: Changed information for PR mod_auth-any/460

Posted by Marc Slemko <ma...@znep.com>.
(moved to new-httpd since few people are following bugdb still...)

Or do we want to implement a config file directive that enables "extended"
password files?  If people don't have to look in the manual to figure out
how to make it work, they won't see any warnings and will have no idea of
the risks. 

On Thu, 24 Apr 1997, Paul Sutton wrote:

> On Thu, 24 Apr 1997, Marc Slemko wrote:
> > We have had 5893 bug reports on this in the past and the response always
> > was "it's a bad thing to do, so we won't support it."
> 
> ...(about ignoring additional colon-delimited fields in htpasswd)...
> 
> Two issues
> 
>   1  Using login passwords _is_ a bad idea, true. This is a
>      user-documentation issue though (since users can always
>      "cut -f1,2 /etc/passwd > htpasswd" anyway).
> 
>   2  This doesn't mean we should prevent people using extra fields
>      in htpasswd. There have been several (many) patches for this
>      suggested and requested in the past. It is a good idea. There are
>      lots of uses for extra fields. A big +1 for implementation in 1.2.1.
> 
> //pcs
> 


Re: Changed information for PR mod_auth-any/460

Posted by Paul Sutton <pa...@ukweb.com>.
On Thu, 24 Apr 1997, Marc Slemko wrote:
> We have had 5893 bug reports on this in the past and the response always
> was "it's a bad thing to do, so we won't support it."

...(about ignoring additional colon-delimited fields in htpasswd)...

Two issues

  1  Using login passwords _is_ a bad idea, true. This is a
     user-documentation issue though (since users can always
     "cut -f1,2 /etc/passwd > htpasswd" anyway).

  2  This doesn't mean we should prevent people using extra fields
     in htpasswd. There have been several (many) patches for this
     suggested and requested in the past. It is a good idea. There are
     lots of uses for extra fields. A big +1 for implementation in 1.2.1.

//pcs


Re: Changed information for PR mod_auth-any/460

Posted by Marc Slemko <ma...@znep.com>.
We have had 5893 bug reports on this in the past and the response always
was "it's a bad thing to do, so we won't support it."

On Thu, 24 Apr 1997 coar@decus.org wrote:

> Synopsis: Password-Files must at most have two columns
> 
> State-Changed-From-To: open-suspended
> State-Changed-By: coar@decus.org
> State-Changed-When: Thu Apr 24 07:46:15 PDT 1997
> State-Changed-Why:
> Thank you for the information.  We will see about
> implementing this in a future release; it's too late
> to get this into 1.2.
>