Bug 40243 - Patch for htpasswd to optionally read passwords from stdin, not cmdline
Summary: Patch for htpasswd to optionally read passwords from stdin, not cmdline
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: support (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: FixedInTrunk
Depends on:
Reported: 2006-08-13 21:03 UTC by Adomas Paltanavicius
Modified: 2014-08-20 05:53 UTC (History)
0 users

Patch for support/htpasswd.c, 2.3 trunk, r431238 (3.80 KB, patch)
2006-08-13 21:05 UTC, Adomas Paltanavicius
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adomas Paltanavicius 2006-08-13 21:03:38 UTC
Recently I've been doing some server-side scripting and made use of htpasswd for
managing password files.  Batch mode is supposed for things like this, but it
only accepts password on the command line, which is insecure given most OSes
allow process listing to any user by default.

So I added `-i' (input) switch which when given together with `-b' (batch),
forces reading password from stdin.  That is much safer, because I can now use
popen-like functionality, or redirect world-unreadable files to stdin, for that

Attached is a patch against 2.3 trunk, r431238.

(If this patch is accepted, I could also provide additions for documentation.)
Comment 1 Adomas Paltanavicius 2006-08-13 21:05:12 UTC
Created attachment 18709 [details]
Patch for support/htpasswd.c, 2.3 trunk, r431238
Comment 2 intersat2 2012-05-30 14:19:50 UTC
The patch works on 2.4. Thank you.
Comment 3 Stefan Fritsch 2012-10-07 09:13:48 UTC
Committed to trunk r1395256 with some tweaks. Thanks.
Comment 4 Stefan Fritsch 2013-03-03 16:52:15 UTC
fixed in 2.4.4