Menu
▾
▴
Re: [phpesp-dev] damn cgi mode
|
From: Matthew G. <gr...@mu...> - 2004-09-02 18:19:54
|
Since we may be dealing with several "unsupported" configurations. I added a new config variable to phpESP.ini, an array that contains unsupported strings. Changed the check in manage.php to look up against the new variable. On Wed, 2004-09-01 at 17:19 -0400, James Flemer wrote: > I took a look at your changes and it looks good to me for detecting CGI. > Good idea pointing to the FAQ. I think that you can detect IIS with: > > php_sapi_name() == 'isapi' > > There are a ton of other SAPI but I guess we can add them one by one to > the check as we get feedback. > > -James > > Quoting Matthew Gregg <gr...@mu...>: > > > Just committed changes to manage.php and the FAQ that checks for PHP > > running in CGI mode and auth_design enabled. I'm unsure what to look > > for if IIS is being used? > > Currently it displays a fatal warning message with a link to the FAQ > > that describes the situation. > > > > I'm against disabling auth. automatically, but will add that if anyone > > feels strongly for it. > > > > On Wed, 2004-09-01 at 10:01 -0400, Matthew Gregg wrote: > > > I was planning to rip out the php "basic auth" code and replace it > > with > > > a form/session post 1.7. Since this is a such a pain for folks, I'll > > do > > > the detect and alert version this week, maybe today. Of course I > > may > > > not get to this if we end up doing an evac. for hurricane Frances. > > > > > > On Tue, 2004-08-31 at 21:59 -0600, James E. Flemer wrote: > > > > Hey guys, > > > > > > > > Can we elimitate this stupid problem with authentication in CGI > > mode > > > > (and IIS) mode for good? Clearly it can be detected with code, > > because > > > > I wrote code for test.php to check the SAPI and such and print bad > > stuff > > > > in red. How about we change the admin interface to disable auth on > > the > > > > fly when it detects CGI or IIS? It can print out a big error > > message > > > > telling the user their fly is unzipped, unless it detects Apache > > Basic > > > > Auth (REMOTE_USER is set). > > > > > > > > Any takers on coding it up? I know Matthew Gregg is/was trying to > > make > > > > a new release... Let's fix this damn nuisance before the release. > > > > > > > > Send a patch to the list, or just commit away and report back if > > you've > > > > got CVS access. > > > > > > > > -James > > > > > > > > > > > > ------------------------------------------------------- > > > > This SF.Net email is sponsored by BEA Weblogic Workshop > > > > FREE Java Enterprise J2EE developer tools! > > > > Get your free copy of BEA WebLogic Workshop 8.1 today. > > > > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > > > > _______________________________________________ > > > > phpESP-devel mailing list > > > > php...@li... > > > > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > > > > > -- > > mcg > > ------------------------------------- > > The IT Lab (http://www.itlab.musc.edu) > > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by BEA Weblogic Workshop > > FREE Java Enterprise J2EE developer tools! > > Get your free copy of BEA WebLogic Workshop 8.1 today. > > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > > _______________________________________________ > > phpESP-devel mailing list > > php...@li... > > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > > > > > -James > -- > Quis custodiet ipsos custodes? > > > ------------------------------------------------------- > This SF.Net email is sponsored by BEA Weblogic Workshop > FREE Java Enterprise J2EE developer tools! > Get your free copy of BEA WebLogic Workshop 8.1 today. > http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click > _______________________________________________ > phpESP-devel mailing list > php...@li... > https://lists.sourceforge.net/lists/listinfo/phpesp-devel > -- mcg ------------------------------------- The IT Lab (http://www.itlab.musc.edu) |
