NCSA_Auth accepts any password as long as it begins with a valid password
I've noticed some odd behavior with my squid proxy server using authentication.
I'm using NCSA_Auth to do basic authentication and have a user/password set up (for example) as username=user, password=password.
The odd behavior noticed is that I can give it 'password1' or 'password12' as a password as well and it will accept and authenticate. It wont accept 'passwor' or 'pass' so it appears that if the first part of what enters matches the password, well, Bob's your uncle, you're in.
Has anyone encountered this with NCSA_Auth before? Is this considered normal?