Re: [mod-security-users] Finding out a password from basic auth?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

> So does anyone know of some obscure configuration directive to tell Apache
> to set ta REMOTE_PASSWORD environment variable? Or would I need to hack
> the source code? If the latter, has anyone already done it and can send me
> a patch?

   The password is available to the script encoded in a HTTP header.
   A quick Google search gave this link, among others:

   http://frontier.userland.com/stories/storyReader$2159

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]