Forum
Basic Auth
Rene
12 November 2011, 17:30
Hello,
i have an Web-Server with hiawatha secured with basic auth, here is a part of the config:
The Password has 13 chars. I can login, with the first 8-13 Chars of the password?
Can everywhere reproduce this error, or check this?
Hiawatha version: self compiled 7.8.1
Operating System: Linux www 2.6.26-2-686 #1 SMP Wed Sep 21 04:35:47 UTC 2011 i686 GNU/Linux (Debian)
i have an Web-Server with hiawatha secured with basic auth, here is a part of the config:
Directory {
Path = /var/www
AccessList = pwd all
# LoginMessage = DMS
PasswordFile = basic:/var/www/.passwd
}
The Password has 13 chars. I can login, with the first 8-13 Chars of the password?
Can everywhere reproduce this error, or check this?
Hiawatha version: self compiled 7.8.1
Operating System: Linux www 2.6.26-2-686 #1 SMP Wed Sep 21 04:35:47 UTC 2011 i686 GNU/Linux (Debian)
Hugo Leisink
12 November 2011, 18:58
This is not a bug in Hiawatha, but how Basic HTTP authentication was designed. My advice is to switch to Digest HTTP authentication.
Rene
12 November 2011, 19:33
Thanks!
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
