Basic Auth

12 November 2011, 17:30

i have an Web-Server with hiawatha secured with basic auth, here is a part of the config:
Directory {
Path = /var/www
AccessList = pwd all
# LoginMessage = DMS
PasswordFile = basic:/var/www/.passwd

The Password has 13 chars. I can login, with the first 8-13 Chars of the password?

Can everywhere reproduce this error, or check this?

Hiawatha version: self compiled 7.8.1
Operating System: Linux www 2.6.26-2-686 #1 SMP Wed Sep 21 04:35:47 UTC 2011 i686 GNU/Linux (Debian)
Hugo Leisink
12 November 2011, 18:58
This is not a bug in Hiawatha, but how Basic HTTP authentication was designed. My advice is to switch to Digest HTTP authentication.
12 November 2011, 19:33
This topic has been closed.