2003/01/01
$web/etc/passwd
The password file is $web/etc/passwd, where $web is the web root. Below is an example of passwd.

    # a sample password file
    'aladdin''s lamp' 54ef36ec71201fdf9d1423fd26f97f6b /photo/private

In passwd, comments follow "#". Blank lines are allowed. Regular lines have three fields.

In the first field, 'aladdin''s lamp' means that the user should write aladdin's lamp for his/her ID. This ID need not be registered in /adm/users. If the ID contains spaces or a single quotation mark, quote it following the rc string rule.

The second field is the MD5 hash of the password, computed with echo -n:

    echo -n 'open sesame' | md5sum

The third field is a path. All accesses to this path or anything deeper require a password.
The passwd file is located on the CPU server, so it may be read by other users. A good password is required even though it is hashed using MD5. This authentication is based on the "basic authentication" defined in HTTP/1.0. The scheme is widely used because of its simplicity, but it is weak against network snooping, so do not use it for secure documents. The problem is much reduced if you use the "https" protocol.
See path matching for how the server judges whether the requested path matches the third field. The judgment is made after all URI transformation, that is, after the requested path has been transformed to the path of a file.
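
Added example (not from the original page or the server's own code): parsing the passwd format described above, including rc quoting, and checking a Basic Authorization header against it. The function names and the whole-component prefix rule in covers() are assumptions; the server's actual rule is in its path matching document.

```python
import base64, hashlib, hmac, re

# One token: an rc-quoted string ('' inside is a literal quote), a bare word, or a comment.
TOKEN = re.compile(r"\s*(?:'((?:[^']|'')*)'|([^\s'#]\S*)|(#.*))")

def rc_fields(line):
    """Split one passwd line into its fields; returns [] for blank and comment lines."""
    fields, pos, line = [], 0, line.rstrip()
    while pos < len(line):
        m = TOKEN.match(line, pos)
        if not m:
            raise ValueError("bad quoting: %r" % line)
        if m.group(3) is not None:
            break                                # comment runs to end of line
        quoted = m.group(1)
        fields.append(quoted.replace("''", "'") if quoted is not None else m.group(2))
        pos = m.end()
    return fields

def load_passwd(text):
    entries = [tuple(f) for f in map(rc_fields, text.splitlines()) if f]
    if any(len(e) != 3 for e in entries):
        raise ValueError("regular lines must have three fields")
    return entries

def covers(prefix, path):
    # Assumption: whole-component prefix match ("deeper than or equal to this path").
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")

def authorize(entries, file_path, header):
    """file_path is the path after URI transformation; header is the Authorization value."""
    needed = [e for e in entries if covers(e[2], file_path)]
    if not needed:
        return True                              # no entry protects this path
    try:
        scheme, _, blob = (header or "").partition(" ")
        user, _, pw = base64.b64decode(blob).decode().partition(":")
    except ValueError:                           # bad base64 or not UTF-8
        return False
    digest = hashlib.md5(pw.encode()).hexdigest().encode()
    return scheme.lower() == "basic" and any(
        u == user and hmac.compare_digest(h.lower().encode(), digest) for u, h, _ in needed)

# Constructed sample: the page's ID and path; the hash is computed here from 'open sesame'.
SAMPLE = "# sample\n\n'aladdin''s lamp' %s /photo/private\n" % hashlib.md5(b"open sesame").hexdigest()
```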