password bug

[Channel_Cat]

I noticed i could add anything to my password(when using the webadmin), which is d2ac5wrk (dunno if that does anyhting for you), and it would allow me to enter. an example would be "d2ac5wrkofiabnsdoigbaosies" would let me enter where as "d2ac5wr" would not. Ever heard of this?

--using litespeed 2 standard (latest release)

 

[mistwang]

That's the limit of the DES algorithm used in crypt() function, only the first 8 characters of the password are used to generate the encrypted password, the rest are ignored.
I think Apache is the same, isn't it? :roll:

Thanks,
George Wang

 

[Channel_Cat]

ohhhh okay, i was just worried about people logging in and stuff if i had a shorter password, thanks