You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2011/03/09 22:18:25 UTC
DO NOT REPLY [Bug 50905] New: Basic Auth password issue
https://issues.apache.org/bugzilla/show_bug.cgi?id=50905
Summary: Basic Auth password issue
Product: Apache httpd-2
Version: 2.2.3
Platform: PC
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Core
AssignedTo: bugs@httpd.apache.org
ReportedBy: dcatrett@gmail.com
When using basic auth, if you take off the last character of the password, it
will still authenticate. ie. the last character of password is optional
I first discovered this error confirming that basic auth was working via lynx
and deleting the last character.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50905] Basic Auth password issue
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50905
--- Comment #1 from dcatrett@gmail.com 2011-03-09 16:20:58 EST ---
Example:
lynx -auth=foo_admin:foo_admi http://pxy01foo/blah
gives the same result as
lynx -auth=foo_admin:foo_admin http://pxy01foo/blah
where the login/pass is foo_admin/foo_admin
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 50905] Basic Auth password issue
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50905
William A. Rowe Jr. <wr...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
--- Comment #2 from William A. Rowe Jr. <wr...@apache.org> 2011-03-09 17:31:40 EST ---
Such behavior is by design, and is a side effect of your system crypt()
function, where only 8 characters are significant.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org