[lug] Interesting .htpasswd "feature"
Greg Horne
jeerygh at hotmail.com
Thu Oct 11 12:46:13 MDT 2001
Check this out:
If you .htpasswd a directory/site with apache 1.3.19, log in with the
correct username and (password + any characters thereafter) you will be
logged in. I tried this "feature" with apache 1.3.12 and it didn't work.
This seems kind of stupid since somebody doesn't have to use the exact
password when the log in to the site you are protecting. If you password
was ABCDEF and somebody tried the entire alphabet as a password they would
be allowed in. How odd. I wonder if it's just my machine. Can anybody
else confirm this?
Greg
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
More information about the LUG
mailing list