From: Eric Wong <normalperson@...>
Date: 2017-09-19T08:38:23+00:00
Subject: [ruby-core:82866] Re: [Ruby trunk Feature#11365][Assigned] Change Webrick to support SHA htpasswd files

hsbt@ruby-lang.org wrote:
> Issue #11365 has been updated by hsbt (Hiroshi SHIBATA).
> 
> Status changed from Open to Assigned
> Assignee set to normalperson (Eric Wong)
> 
> ----------------------------------------
> Feature #11365: Change Webrick to support SHA htpasswd files
> https://bugs.ruby-lang.org/issues/11365#change-66759

> This changes Webrick to default to creating SHA htpasswd files.
> It also changes Webrick to support reading SHA htpasswd files,
> in addition to supporting the previous crypt password files.

We must keep tests for crypt htpasswd files to ensure existing
files continue working.

> Among other things, this allows Webrick's htpasswd support to
> work on OpenBSD, which does not support insecure DES-based
> passwords in crypt(3).

This is an old issue; and nowadays SHA-1 is on it's way out...
Should we be looking at SHA-256 or something?  (not a crypto expert)

Thanks.


Btw, (anybody) feel free to re-ping me (+Cc) in case I forget
about this after a few days.  I didn't notice this until just
now, I'm a new WEBrick maintainer, and sometimes Subject lines
are too long for my tiny attention span :x

Unsubscribe: <mailto:ruby-core-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>