mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+ *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
+
*) mod_sed: Reduce memory consumption when processing very long lines.
PR 48024 [Basant Kumar Kukreja <basant.kukreja sun.com>]
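Review bot: The added entry "htpasswd: Use MD5 hash by default on all platforms." does not say what the default was before or how to keep it. The same patch moves the initial algorithm from ALG_CRYPT to ALG_APMD5, so on platforms other than Windows and Netware a script that calls htpasswd without an algorithm flag will start writing a different hash format. Suggest extending the entry to say that crypt() output now requires an explicit -d.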
one) is omitted. It cannot be combined with the <code>-c</code> option.</dd>
<dt><code>-m</code></dt>
- <dd>Use MD5 encryption for passwords. On Windows and Netware, this is
- the default.</dd>
+ <dd>Use MD5 encryption for passwords. This is the default.</dd>
<dt><code>-d</code></dt>
- <dd>Use <code>crypt()</code> encryption for passwords. The default on all
- platforms but Windows and Netware. Though possibly supported by
- <code>htpasswd</code> on all platforms, it is not supported by the
- <program>httpd</program> server on Windows and Netware.</dd>
+ <dd>Use <code>crypt()</code> encryption for passwords. This is not
+ supported by the <program>httpd</program> server on Windows and
+ Netware.</dd>
<dt><code>-s</code></dt>
<dd>Use SHA encryption for passwords. Facilitates migration from/to Netscape
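Review bot: The -s entry in the trailing context is left untouched, while the usage text in htpasswd.c gains "The SHA algorithm does not use a salt and is less secure than the MD5 algorithm." Suggest carrying that sentence into the -s description here so the manual and the usage output agree. The rewritten -m and -d entries also keep the word "encryption", whereas the CHANGES entry in this patch says "MD5 hash"; using "hash" in the docs as well would be consistent.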
</example>
<p>Adds or modifies the password for user <code>jsmith</code>. The user
- is prompted for the password. If executed on a Windows system, the password
- will be encrypted using the modified Apache MD5 algorithm; otherwise, the
- system's <code>crypt()</code> routine will be used. If the file does not
- exist, <code>htpasswd</code> will do nothing except return an error.</p>
+ is prompted for the password. The password will be encrypted using the
+ modified Apache MD5 algorithm. If the file does not exist,
+ <code>htpasswd</code> will do nothing except return an error.</p>
<example>
htpasswd -c /home/doe/public_html/.htpasswd jane
will display a message and return an error status.</p>
<example>
- htpasswd -mb /usr/web/.htpasswd-all jones Pwd4Steve
+ htpasswd -db /usr/web/.htpasswd-all jones Pwd4Steve
</example>
<p>Encrypts the password from the command line (<code>Pwd4Steve</code>)
- using the MD5 algorithm, and stores it in the specified file.</p>
+ using the <code>crypt()</code> algorithm, and stores it in the specified
+ file.</p>
</section>
<section id="security"><title>Security Considerations</title>
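Review bot: Changing the example from -mb to -db means it now demonstrates crypt(), which the -d entry in this same patch describes as not supported by the httpd server on Windows and Netware. If the goal is only to keep an example that passes an explicit algorithm flag, consider repeating that platform caveat in the paragraph that follows the example, so a reader who copies the command knows where the resulting file will not work.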
apr_file_printf(errfile, " -n Don't update file; display results on "
"stdout." NL);
apr_file_printf(errfile, " -m Force MD5 encryption of the password"
-#if defined(WIN32) || defined(NETWARE)
" (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -d Force CRYPT encryption of the password"
-#if (!(defined(WIN32) || defined(NETWARE)))
- " (default)"
-#endif
"." NL);
apr_file_printf(errfile, " -p Do not encrypt the password (plaintext)." NL);
apr_file_printf(errfile, " -s Force SHA encryption of the password." NL);
"rather than prompting for it." NL);
apr_file_printf(errfile, " -D Delete the specified user." NL);
apr_file_printf(errfile,
- "On Windows and NetWare systems the '-m' flag is used by "
- "default." NL);
+ "On other systems than Windows and NetWare the '-p' flag will "
+ "probably not work." NL);
apr_file_printf(errfile,
- "On all other systems, the '-p' flag will probably not work." NL);
+ "The SHA algorithm does not use a salt and is less secure than "
+ "the MD5 algorithm." NL);
exit(ERR_SYNTAX);
}
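Review bot: The added string "On other systems than Windows and NetWare the '-p' flag will probably not work." reads awkwardly; "On systems other than Windows and NetWare, the '-p' flag will probably not work." is clearer. The new SHA warning also sits in the footer, away from the -s option line, where it is easy to miss. Consider moving it next to, or folding it into, the -s line so the caveat appears beside the flag it describes.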
char *scratch, cp[MAX_STRING_LEN];
int found = 0;
int i;
- int alg = ALG_CRYPT;
+ int alg = ALG_APMD5;
int mask = 0;
apr_pool_t *pool;
int existing_file = 0;
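Review bot: The new default at "int alg = ALG_APMD5;" is recorded separately from the " (default)" marker that the usage text now prints unconditionally on the -m line, so the two can drift apart on a later change. A short comment at this initializer pointing to the usage text would help. Alternatively, a single define used for the initial value (a hypothetical name such as DEFAULT_ALG) would keep them tied together.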