Opened 11 years ago
Last modified 9 years ago
#10975 closed enhancement
Enhancement for the contrib/htpasswd.py script — at Version 7
| Reported by: | Owned by: | Ryan J Ollos | |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.1.5 |
| Component: | contrib | Version: | 1.0dev |
| Severity: | trivial | Keywords: | htpasswd |
| Cc: | Branch: | ||
| Release Notes: |
|
||
| API Changes: | |||
| Internal Changes: | |||
Description
I have updated the htpasswd.py from contrib.
Change History (8)
by , 11 years ago
| Attachment: | htpasswd.diff added |
|---|
comment:1 by , 11 years ago
It would be helpful if you described how you've updated and enhanced the script. That is generally considered good practice when creating a ticket and submitting a patch.
follow-up: 4 comment:2 by , 11 years ago
Oh yes. Sorry. So what I did was that:
- Improve the salt method by adding an optional parameter
lengthand using two constants from the string package - Improve the
loadandsavemethods of theHtpasswdFileclass by using thewithstatement for proper closing of the file - Rename the
-bparameter to-afor adding new users to the file and changing the deletion of users to-d(lower case) - Improved the adding of users by prompting for the password in a save way instead of reading it as a command line arg
comment:3 by , 11 years ago
| Keywords: | htpasswd verify added |
|---|---|
| Milestone: | → next-dev-1.1.x |
| Owner: | set to |
| Status: | new → assigned |
| Version: | → 1.0dev |
comment:4 by , 9 years ago
| Milestone: | next-dev-1.1.x → 1.1.5 |
|---|---|
| Owner: | changed from to |
Replying to thomasbilk@…:
Oh yes. Sorry. So what I did was that:
- Improve the salt method by adding an optional parameter
lengthand using two constants from the string package- Improve the
loadandsavemethods of theHtpasswdFileclass by using thewithstatement for proper closing of the file
Those changes look good.
- Rename the
-bparameter to-afor adding new users to the file and changing the deletion of users to-d(lower case)
Those options mirror the options for the htpasswd command line tool, so we should keep them as-is for consistency.
$ htpasswd
Usage:
htpasswd [-cimBdpsDv] [-C cost] passwordfile username
htpasswd -b[cmBdpsDv] [-C cost] passwordfile username password
htpasswd -n[imBdps] [-C cost] username
htpasswd -nb[mBdps] [-C cost] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-b Use the password from the command line rather than prompting for it.
-i Read password from stdin without verification (for script usage).
-m Force MD5 encryption of the password (default).
-B Force bcrypt encryption of the password (very secure).
-C Set the computing time used for the bcrypt algorithm
(higher is more secure but slower, default: 5, valid: 4 to 31).
-d Force CRYPT encryption of the password (8 chars max, insecure).
-s Force SHA encryption of the password (insecure).
-p Do not encrypt the password (plaintext, insecure).
-D Delete the specified user.
-v Verify password for the specified user.
On other systems than Windows and NetWare the '-p' flag will probably not work.
The SHA algorithm does not use a salt and is less secure than the MD5 algorithm.
- Improved the adding of users by prompting for the password in a save way instead of reading it as a command line arg
It could be okay to prompt for a password when the user hasn't specified it.
comment:5 by , 9 years ago
| Keywords: | verify removed |
|---|
Proposed changes in log:rjollos.git:t10975. The changes make htpasswd.py behave more like htpasswd.
comment:7 by , 9 years ago
| Release Notes: | modified (diff) |
|---|
Patch for htpasswd.py