Re: How do you allow any n digit password in .htpasswd

Giganews Newsgroups
Subject: Re: How do you allow any n digit password in .htpasswd
Posted by:  Álvaro G. Vicario
Date: Thu, 17 Jun 2010

El 17/06/2010 12:46, dorayme escribió/wrote:
> Can you go about allowing *any* n digit password (along with a
> particular username) to allow anyone who knows the username and
> keys in any n number of digits from 0 to 9 to access
> a file or folder using the simple technology of
> .htaccess/.passwd?
>
> When you make an .htaccess you put in something like
>
> AuthUserFile /public/something.org.au/.htpasswd
> AuthType Basic
> AuthName "members"
> Require valid-user
>
> and you use an encrypter to generate the password that goes into
> .htpassd and it might look like this:
>
> johnsmith:hgcrBSZ7XJ6hq
>
> If it was just
>
> johnsmith:
>
> I assume it would be accessible on mere correct name entry?
>
> Is there anything you could write if you wanted any 7 digit
> number (0-9 to be used) in any order without having to supply all
> permutations. Or is htaccess/htpasswd not that sophisticated?

I don't understand what you want to do.

- If you want to restrict the complexity the of passwords chosen by your
users, you should do it before storing them in .htpasswd with whatever
script you are using to do so. Once stored, they are (or should be)
encrypted and they's no way to get them back (that's the purpose).

- If you want to allow blank or random passwords, you should consider
why you need password protection in the first place.

- If you want to set access by group, you just need to define groups:

    AuthType Basic
    AuthName "Restricted Resource"
    AuthUserFile /web/users
    AuthGroupFile /web/groups
    Require group admin

--
--http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web:http://borrame.com
-- Mi web de humor satinado:http://www.demogracia.com
--

Replies

In response to

How do you allow any n digit password in .htpasswd posted by dorayme on Thu, 17 Jun 2010