stackoom
  简体   繁体   中英

.htpasswd / .htaccess is letting *almost* any password work

 原文  2010-09-04 13:54:57       security/ apache/ .htaccess

Question

I set up .htaccess / .htpassword and It works, except when I type the password incorrectly it still logs me in.. If I use a completely different password, doesn't work. A different user name, it doesn't work.

But if I use the proper user name and mostly the right password, it works?

Example:

password I'm using is "firefight", and "firefighter" seems to work. "Hose" won't.

Any clue?

2 answers

solution1
 7 ACCPTED  2010-09-04 13:59:44

From the htpasswd page :

When using the crypt() algorithm, note that only the first 8 characters of the password are used to form the password. If the supplied password is longer, the extra characters will be silently discarded.

solution2
 3  2010-09-04 13:59:07

仅考虑前8个字符。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question htaccess & htpasswd not hooking up correctly Remove .htpasswd Password Protection .(Nginx) Are all .dotfiles secure from http requests, or only .htaccess/.htpasswd? Securing devel grails application with single htpasswd like password Spring Security letting any request go through .htaccess password protection with ip block How secure is .htaccess password protection? .htaccess instead of username password protection .htaccess password protection deny from request uri Wordpress use htaccess password for protect site
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM