basic auth not working 100%

Boris Dolgov boris at dolgov.name
Wed Apr 7 20:07:04 MSD 2010


On Wed, Apr 7, 2010 at 7:33 PM, AMP Admin <admin at ampprod.com> wrote:
> On one of my boxes I noticed that if the password is only half the string it
> will authenticate.
> Should be:
> Username: tester
> Pass: ThisPassword1234#&^
> But the following authenticates:
> Username: tester
> Pass: ThisPassword
> Can anyone confirm this behavior?

ThisPass will also authenticate - crypt() uses only first 8 symbols of
the password.

-- 
Boris Dolgov.



More information about the nginx mailing list