basic_auth plain text password

Maxim Dounin mdounin at
Fri Sep 10 14:15:28 MSD 2010


On Fri, Sep 10, 2010 at 10:02:24AM +0300, Darius Damalakas wrote:

> I am running nginx/0.8.50, and i am using "auth_basic" for basic
> authentication.   Now what i have found so far is that it looks like
> nginx is treating the passwords as plain text.  My basic idea is that
> Nginx does not encrypt the password that it gets with MD5 or any other
> algorithm, and simply checks password that is sent as plain text.
> is this true or am i missing something?


> I've found on google some mails in mailing lists that tell that this
> might not yet be implemented (can't find that URL now).
> And, by the way, OS is WinXP.

Windows has no crypt() function and only plain text passwords are 
supported for now.

Maxim Dounin

More information about the nginx mailing list