hi steve :) if you have a moment, I was wondering if you could verify this scenario for me
http://marc.theaimsgroup.com/?l=apr-dev&m=108566146802317&w=2 here is a default unix htpasswd user/password (geoff/foo) pair geoff:emzquyt3brYm2 it may not be a likely attack, since crypt does not generate a one-way hash, but it would let a user through without a proper password (if I'm right) which is probably bad (and a good reason for supporting crypt on win32 :) --Geoff --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
