[Pmwiki-users] unix crypt passwords vs. md5 hash
Greg Morgan
Cybie
Tue Apr 20 21:42:45 CDT 2004
Kass Lloyd wrote:
>This topic was brought to my mind when I installed Pmwiki on a machine
>running PHP as a cgi instead of an apache module. The unix crypt feature
>apparently is broken for cgi implementations of PHP including the most
>recent version of PHP4.
>
>Pmwiki should be modified to support md5 hashes for the passwords as a
>config option, and most likely make this type of passwords default. The
>md5() function has been available in PHP since PHP3. And with the newest
>version of Pmwiki requiring PHP 4.1.0 or higher all installs of Pmwiki
>will have the md5() function available. Also the md5() function
>functions the same no matter how PHP has been installed or what system
>it is installed on. This would provide wiki data files to be of the
>maximum compatibility for whatever system the wiki data has to be moved
>to.
>
>
I ran into this problem as well until I upgraded PHP on my servers to
the most current version.
Perhaps a $CryptFunction variable could be created with a default value
of MD5, so it would use the md5() function... Those who want more
security could change $CryptFunction to SHA1 in local.php and it would
use sha1() instead.
More information about the pmwiki-users
mailing list