Bug 40243 - Patch for htpasswd to optionally read passwords from stdin, not cmdline
Patch for htpasswd to optionally read passwords from stdin, not cmdline
Status: RESOLVED FIXED
Product: Apache httpd-2
Classification: Unclassified
Component: support
2.5-HEAD
All All
: P2 normal (vote)
: ---
Assigned To: Apache HTTPD Bugs Mailing List
: FixedInTrunk
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2006-08-13 21:03 UTC by Adomas Paltanavicius
Modified: 2014-08-20 05:53 UTC (History)
0 users



Attachments
Patch for support/htpasswd.c, 2.3 trunk, r431238 (3.80 KB, patch)
2006-08-13 21:05 UTC, Adomas Paltanavicius
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adomas Paltanavicius 2006-08-13 21:03:38 UTC
Recently I've been doing some server-side scripting and made use of htpasswd for
managing password files.  Batch mode is supposed for things like this, but it
only accepts password on the command line, which is insecure given most OSes
allow process listing to any user by default.

So I added `-i' (input) switch which when given together with `-b' (batch),
forces reading password from stdin.  That is much safer, because I can now use
popen-like functionality, or redirect world-unreadable files to stdin, for that
matter.

Attached is a patch against 2.3 trunk, r431238.

(If this patch is accepted, I could also provide additions for documentation.)
Comment 1 Adomas Paltanavicius 2006-08-13 21:05:12 UTC
Created attachment 18709 [details]
Patch for support/htpasswd.c, 2.3 trunk, r431238
Comment 2 intersat2 2012-05-30 14:19:50 UTC
The patch works on 2.4. Thank you.
Comment 3 Stefan Fritsch 2012-10-07 09:13:48 UTC
Committed to trunk r1395256 with some tweaks. Thanks.
Comment 4 Stefan Fritsch 2013-03-03 16:52:15 UTC
fixed in 2.4.4