From: Toby A Inkster <tobyink@go...> - 2003-09-16 21:10:55
This is one of those questions that is either laughably easy or impossibly
difficult. Unfortunately I am as yet unable to decide which it is.
I have a directory on my server that is protected using basic
HTTP authentication (it's over SSL so don't worry about that!). Everything
is working fine and dandy there.
Now, CGI scripts within this directory can obtain the user name of someone
visiting through the REMOTE_USER environment variable. However, I also
need to access the remote password (so that I can pass it on log in to a
mail server), which doesn't seem possible.
Numerous resources on the web seem to mention REMOTE_PASSWORD, but their
authors seem to be living in a dream world. :-)
I am well aware that there are potential security issues with allowing any
script on the server to access this piece of information, but I don't
think any apply in this particular case.
So does anyone know of some obscure configuration directive to tell Apache
to set ta REMOTE_PASSWORD environment variable? Or would I need to hack
the source code? If the latter, has anyone already done it and can send me
Using: mod_auth_pam 1.1.1 (authenticating via samba)
Mandrake Linux 9.1
Thanks in advance,
Toby A Inkster BSc (Hons) ARCS
Contact Me - http://www.goddamn.co.uk/tobyink/?id=132
From: Ivan Ristic <ivanr@we...> - 2003-09-16 22:09:39
> So does anyone know of some obscure configuration directive to tell Apache
> to set ta REMOTE_PASSWORD environment variable? Or would I need to hack
> the source code? If the latter, has anyone already done it and can send me
> a patch?
The password is available to the script encoded in a HTTP header.
A quick Google search gave this link, among others:
[ Open source IDS for Web applications ]