[plug] Apache & htpasswd

Brian Tombleson brian at paradigmit.com.au
Mon May 21 12:09:59 WST 2001


From: "Simon Scott" <simon.scott at flexiplan.com>
> how hard would it actually be to rebuild the password file? It would
> be the quickest way out, and you should change the passwords regularly
> anyway.
>
> Perhaps change everyone's password to their birthdate, and write a
> password change script to get them to set their own password?
>
> I don't know which would be more insecure - changing everyone's
> password to their birthdate temporarily or leaving everyone to use the
> same password forever.

Yes, good point.  I have considered something like this.

Unfortunately, there are 1400 users listed and many of which we have very
limited information about as the older records (ie. older than 3 months)
were not very well kept :(

[news flash]
I have just been on the phone to the original hosters and they used a
[friggin!] customized method of authentication (at least in the password
hash area).

I think this leaves me stranded and verifies what Christian has just posted
concerning the 'junior' password looking weird.

Re Christian: sorry about the confusion between hashing and encryption, I'm
the first to admit I am not fluent in the underlying theories and the
semantics.  It's really just the implementation that I'm concerned about at
this stage.

Thanks for your help Simon and Christian, I'll wait to hear from the
idio^H^H^H^H original hosters to see what we can do and then probably write
the scripts as recommended.

- Brian.



