Posted to users@httpd.apache.org by "Victor B. Gonzalez" <ap...@vbgunz.com> on 2003/06/13 07:33:45 UTC

Re[2]: [users@httpd] Authentication/Authorization feature or bug?

Hello Robert,

>>   I am pretty sure maybe I am doing something wrong on my part. If
>>   someone knows my name they can on my machine easily change my
>>   password without knowing the original password...

RA> In what way does this relate to Apache? And, if you are talking about your
RA> Windows user account, this is probably not the best place to ask ;-).

>>   ...snip...

RA> I'm sorry, I cannot really see what you are asking here. If this indeed does
RA> relate to Apache, please elaborate on your question(s).

I am sorry. I mean if I use htpasswd.exe through the command line and
set a password for myself, anyone else can through the command line
change my password without knowing the original...

I guess it is not a big deal if someone can do much more harm simply
deleting the password files altogether...

Thank you

-- 
Best regards,
 Victor B. Gonzalez                          

apache_2.0.46-win32-x86-no_src
Windows XP 5.1 Build 2600 Service Pack 1


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: Re[2]: [users@httpd] Authentication/Authorization feature or bug?

Posted by Robert Andersson <ro...@profundis.nu>.
Victor B. Gonzalez wrote:
> I am sorry. I mean if I use htpasswd.exe through the command line and
> set a password for myself, anyone else can through the command line
> change my password without knowing the original...

Anyone that can execute htpasswd and has write permissions on the password
file can do just about anything with it. It is up to you to make sure no one
has access to the utility and/or those permissions.

Regards,
Robert Andersson




Re: Re[2]: [users@httpd] Authentication/Authorization feature or bug?

Posted by Robert Andersson <ro...@profundis.nu>.
Sorry, forgot to answer this one:

Victor B. Gonzalez wrote:
>   I can also see if they get to the password files they can delete
>   them too... OK, no biggie but can I make a backup file without
>   manually backing it up?

Not sure what you mean by "manually backing it up" in this context. There is
no native automatic backup feature associated with htpasswd. But yes, they
are regular files so you can copy and replace them at your discretion.

Regards,
Robert Andersson
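
The two replies above come down to file-system permissions and ordinary file copies. As an added example (not part of the thread and not Apache project code), this PowerShell script lists the accounts that can change or delete a password file or its directory, then makes a timestamped copy; the trusted-account list and the backup naming are assumptions to adjust for your installation.

```powershell
# Added example: audit who can modify an htpasswd-style password file, then
# take a timestamped backup. Nothing here changes permissions.
param(
    [Parameter(Mandatory = $true)]
    [string]$PasswordFile,
    # Assumption: only these accounts should be able to change the file.
    # The names are the English-locale well-known accounts.
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
)

# Rights that allow rewriting, deleting or re-permissioning. Listed as single
# flags so the Synchronize bit in a read-only entry does not match.
$changeMask = [System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
    'ChangePermissions, TakeOwnership')

function Get-UnexpectedWriter {
    param([string]$Path, [string[]]$TrustedAccounts)
    # Keep Allow entries that grant any change right to an untrusted account.
    (Get-Acl -LiteralPath $Path).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $changeMask) -ne 0 -and
        $TrustedAccounts -notcontains $_.IdentityReference.Value
    }
}

# Check the file and its directory: write access to the directory is enough
# to delete the file or put another one in its place.
$findings = 0
foreach ($target in $PasswordFile, (Split-Path -Parent $PasswordFile)) {
    $hits = @(Get-UnexpectedWriter -Path $target -TrustedAccounts $Trusted)
    if ($hits.Count -eq 0) {
        "OK   $target"
        continue
    }
    foreach ($ace in $hits) {
        $findings++
        "WARN $target : $($ace.IdentityReference) has $($ace.FileSystemRights)"
    }
}

# The file is a regular file, so a backup is a plain copy. The copy holds the
# same password hashes and needs the same restrictive permissions.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = "$PasswordFile.$stamp.bak"
Copy-Item -LiteralPath $PasswordFile -Destination $backup
"Backup written to $backup ($findings finding(s) above)"
```

Each WARN line names an account whose access should be removed or reduced to read-only; the account the Apache service runs as only needs to read the file.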

