Re[2]: [cgiwrap-users] php-cgiwrap won't process authentication headers...
Brought to you by:
nneul
Menu
▾
▴
Re[2]: [cgiwrap-users] php-cgiwrap won't process authentication headers...
|
From: Daniel L. <da...@lo...> - 2002-05-01 13:33:35
|
hi, Sorry Nathan, I misunderstood you. Of course you are completely right - this headers are useless as you won't get access to the password set by the HTTP authorization mechanism. You'd have to look out for Apache-based authentication mechanisms. There are plenty of mod_auth_* for all your needs. Once a user has logged in successfuly you can completely rely on the value $_SERVER['REMOTE_USER']; -daniel ----- Original Message ----- From : Nathan Neulinger [mailto:nn...@um...] Sent : Mittwoch, 1. Mai 2002 Subject: [cgiwrap-users] php-cgiwrap won't process authentication headers... > Problem is - even with that header, you are not going to be able to do > anything, since the HTTP_AUTHORIZATION header is not provided to CGI's > since it is such a gaping security hole on multi-user servers. > Any malicious user on that server can easily trap that passwords for any > other authenticated service on that server, simply by tricking someone > into going to a different web page on that server. > -- Nathan |
