PerlMonks  

Re: Writing to a .htaccess file, while it's in use

by amphiplex (Monk)
on Jul 23, 2002 at 05:14 UTC ( [id://184359]=note )



in reply to Writing to a .htaccess file, while it's in use

Hi !

The first thing I noticed: You are grepping for /^$user/, shouldn't you grep for /^$user:/ ?
If you have, for example, a user named "foo" and another one named "foobar", your grep would catch both and generate an error.

Another point: You should print the same error message for the case that the user is not found in the password file and the case that the passwords don't match. This way an attacker can't easily get a list of valid usernames.

Update:
  • to check password strength, you could use Crypt::Cracklib
  • You shouldn't be sending passwords by email

---- amphiplex
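
The two points in the reply above (matching `/^$user:/` rather than `/^$user/`, and returning one error message for both failure cases), as an added Perl example that is not code from the thread or from the original poster's script. The sample entries, the sub names `find_hash` and `check_login`, and the message text are assumptions; the `\Q...\E` quoting is an addition the reply does not mention, and the platform's `crypt` is assumed to accept traditional two-character salts.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data in htpasswd "user:hash" format (not from the thread).
# Hashes are generated here with crypt() so the example is self-contained.
my @htpasswd = (
    'foo:'    . crypt('foo-secret',    'ab'),
    'foobar:' . crypt('foobar-secret', 'cd'),
);

# Return the stored hash for exactly $user, or undef.
# The trailing ':' stops "foo" from also matching "foobar"; \Q...\E keeps
# characters such as '.' or '*' in $user from acting as regex syntax.
sub find_hash {
    my ($user, @lines) = @_;
    my @hits = grep { /^\Q$user\E:/ } @lines;
    return undef unless @hits == 1;
    my (undef, $hash) = split /:/, $hits[0], 2;
    return $hash;
}

# One message for "no such user" and "wrong password", so the response
# does not reveal which usernames exist.
sub check_login {
    my ($user, $pass, @lines) = @_;
    my $generic = "Invalid username or password\n";
    my $hash = find_hash($user, @lines);
    return $generic unless defined $hash;
    return $generic unless crypt($pass, $hash) eq $hash;
    return "OK\n";
}

# Compare the unanchored pattern with the anchored one on the same data.
print 'unanchored /^foo/ matches: ', scalar(grep { /^foo/ } @htpasswd), "\n";
print 'anchored /^foo:/ matches:  ', scalar(grep { /^\Qfoo\E:/ } @htpasswd), "\n";

# Both failure cases print the identical message.
print 'foo, right password: ', check_login('foo',    'foo-secret', @htpasswd);
print 'foo, wrong password: ', check_login('foo',    'nope',       @htpasswd);
print 'unknown user:        ', check_login('nobody', 'nope',       @htpasswd);
```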