Web Servers General Talk - Apache/htaccess: Capturing password entered by user

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers General Talk > January 2004 > Apache/htaccess: Capturing password entered by user





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Apache/htaccess: Capturing password entered by user
Andras Malatinszky

2004-01-19, 6:32 am

How can I access/capture/log the password that a user enters under a
Basic Authentication scheme in Apache?

Here's the situation I'd like to resolve: as a webmaster of a
password-protected site with about 15k users, I get a number of
inquiries a day along the lines of "my password doesn't work." Almost
always, I look up the user's user name and password from a database
and then successfully authenticate. But then all I can say to the user
is "I don't know, you must have mistyped your password." I can grep
the error log for his user name and find something like

[Tue Jan 13 09:09:02 2004] [error] [client 24.73.18.13] user uwedyd:
authentication failure for "/broker/": password mismatch

so I know he entered his user name right, but I wish I could see what
he entered for a password so I could write back to him saying "Your
password is 'Boston' but you entered 'bOSTON' so release your caps
lock and try again."

Any suggestions?

Thanks,

Andras
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com