Re: [cgiwrap-users] php-cgiwrap won't process authentication headers...

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Problem is - even with that header, you are not going to be able to do
anything, since the HTTP_AUTHORIZATION header is not provided to CGI's
since it is such a gaping security hole on multi-user servers.

Any malicious user on that server can easily trap that passwords for any
other authenticated service on that server, simply by tricking someone
into going to a different web page on that server.

-- Nathan

Daniel Lorch wrote:
> 
> Hi,
> 
> your php-cgiwrap is alright. This is a limitation of PHP running in
> CGI-mode. Use 'Status:' to make it work:
> 
>   $realm = "Restricted";
>   header("WWW-authenticate: basic realm=\"$realm\"") ;
>   header("Status: 401 Unauthorized");
> 
> Daniel Lorch http://daniel.lorch.cc/
> 
> ----- Original Message -----
> From   : jeff bert [mailto:soi...@sg...]
> Sent   : Mittwoch, 1. Mai 2002
> Subject: [cgiwrap-users] php-cgiwrap won't process authentication headers...
> 
> > my install of php-cgiwrap won't process authentication headers... called
> > like this:
> 
> > $realm = "Restricted";
> > header("WWW-authenticate: basic realm=\"$realm\"") ;
> > header("HTTP/1.0 401 Unauthorized") ;
> 
> > Do I have a funky setup or is this a limitation of php-cgiwrap?
> 
> > The error log shows:
> 
> > [Tue Apr 30 18:31:43 2002] [error] [client:xx.xx.xx.xx] malformed header
> > from script. Bad header=HTTP/1.0 401 Unauthorized:
> > /var/www/cgi-sys/php-cgiwrap
> 
> > Thanks,
> 
> > Jeff

-- 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216