XAMPP uses encrypted passwords using the htpasswd.exe default of MD5.
- Code: Select all
C:\xampp\apache\bin>htpasswd
Usage:
htpasswd [-cmdpsD] passwordfile username
htpasswd -b[cmdpsD] passwordfile username password
htpasswd -n[mdps] username
htpasswd -nb[mdps] username password
-c Create a new file.
-n Don't update file; display results on stdout.
-m Force MD5 encryption of the password (default).
-d Force CRYPT encryption of the password.
-p Do not encrypt the password (plaintext).
-s Force SHA encryption of the password.
-b Use the password from the command line rather than prompting for it.
-D Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.
Note the bit about
On Windows above.
This quote from the link you provided which you should really have quoted in full as your little snippet is a tad misleading.
Apache Week wrote:Encrypted passwords on Windows
In all current releases of Apache for Windows, passwords in .htpasswd files are stored unencrypted. This is because Windows does not contain a standard function for encrypting strings (on Unix, the crypt() function does this). Now string encryption has been added to Apache using the MD5 algorithm. This means that encrypted passwords can now be used with Apache. The Apache server and the htpasswd program have both been updated to work with MD5 encrypted passwords. On Windows, all passwords will now be encrypted with MD5. Unix will default to using crypt() for encrypting passwords, although it is possible to use MD5 instead (using the new -m option to htpasswd).
To see it working on XAMPP Apache in Windows XP type, at a command prompt in:
xampp/apache/bin/htpasswd -n -m anyname
It will prompt twice for a password - just enter
anyname twice.
Then the username
anything with an encrypted password of
anything will be displayed.
anyname:$apr1$Pd4.....$KFwyF4oDeNpA25hBkTbqW0
You can
Mark,
Copy and
Paste by clicking on the little icon in the top border left hand side of the console window and then select
Edit, if required, to a .htpasswd file of your choice. It is now MD5 encrypted, which is acceptable to Apache in Windows.
Neither the WebDavdoodah
password nor your
alan password were MD5 encrypted so they were thrown out by Apache on Windows.
wampp:XAMPP with WebDAV:bc7f2b670e7e965e307feb30492e642e
alan:yF.aWqsafAWBo
I hope this has cleared this up for those who are not sure about WebDav or indeed any encrypted password in XAMPP for Windows.
You can now be secure again if you wish and full marks for your diligent research on this password issue.