On Tue, Sep 10, 2002 at 11:31:20AM -0700, Aaron Bannert wrote: > Although I like the idea of rethinking these sorts of things, I don't > think we would do well to break current .htpasswd files or homebrew > scripts that do the work of htpasswd.
I think we can do it in a way that wouldn't break old htpasswd files. If the first character is a {, then we look for a matching }, and everything in between should be a code for the algorithm used. If the first character isn't a { or we don't have a matching }, then it isn't a problem. And, AFAIK, none of the current algorithms allow { or } as valid characters (which is why LDAP uses it). So, we really shouldn't see a { without a matching }. -- justin