Re: Writing to a .htaccess file, while it's in use


The stupid question is the question not asked
	PerlMonks

Re: Writing to a .htaccess file, while it's in use

by amphiplex (Monk)

on Jul 23, 2002 at 09:14 UTC ( [id://184359]=note: print w/replies, xml )

Need Help??

in reply to Writing to a .htaccess file, while it's in use

Hi !

The first thing I noticed: You are grepping for /^$user/, shouldn't you grep for /^$user:/ ?
If you have, for example, a user named "foo" and another one named "foobar", your grep would catch both and generate an error.

Another point: You should print the same error message for the case that the user is not found in the passwordfile and the passwords don't match. This way an attacker can't easily get a list of valid usernames.

Update:

to check password strength, you could use Crypt::Cracklib
You shouldn't be sending passwords per email

---- amphiplex

Comment on Re: Writing to a .htaccess file, while it's in use

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://184359]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others about the Monastery: (9)

As of 2024-04-23 11:05 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found