Project

General

Profile

Does lighttpd not support all special characters in password string?

Added by kthaore 25 days ago

Does lighttpd not support all special characters in password string?

I am using lighttpd v1.4.55 server on my Ubuntu i686 32 bit system.

I tried password string with single quotation (') and double quotation (") characters, but login fails always.
I also tried password string with backslash (\) character. In this case login succeeds when I replace \ with \\ in the password string; but fails on using a single \ as is.

Please suggest which special characters are not supported by lighttpd in password strings.


Replies (2)

RE: Does lighttpd not support all special characters in password string? - Added by gstrauss 25 days ago

You have failed to mention relevant details of your lighttpd.conf.

Please suggest which special characters are not supported

kthaore is the special character; lighttpd works just fine (just verified with simple test cases).

kthaore does not work and does not test well.
references:
https://redmine.lighttpd.net/boards/2/topics/9932
https://redmine.lighttpd.net/boards/2/topics/9948
https://redmine.lighttpd.net/boards/2/topics/9946

RE: Does lighttpd not support all special characters in password string? - Added by kthaore 25 days ago

From my testing:

Following password strings work
1. Guest-12345
2. Guest12345

Following password strings did not allow successful login
1. Guest-12345"
2. Guest-12345'
3. Guest-12345"\'

For password string Guest-12345\ if user enters password as Guest-12345\\ then login succeeds else it fails if user enters Guest-12345\.

So, as I mentioned in my original query, characters single quotation ('), double quotation (") and backslash (\) don't seem to work with password strings.

Please also note that lighttpd server on my system is configured for digest authentication.

    (1-2/2)