The stupid question is the question not asked | |
PerlMonks |
Re: Writing to a .htaccess file, while it's in useby amphiplex (Monk) |
on Jul 23, 2002 at 09:14 UTC ( [id://184359]=note: print w/replies, xml ) | Need Help?? |
Hi ! The first thing I noticed: You are grepping for /^$user/, shouldn't you grep for /^$user:/ ? If you have, for example, a user named "foo" and another one named "foobar", your grep would catch both and generate an error. Another point: You should print the same error message for the case that the user is not found in the passwordfile and the passwords don't match. This way an attacker can't easily get a list of valid usernames. Update:
---- amphiplex
In Section
Seekers of Perl Wisdom
|
|