From: James E. F. <jf...@uv...> - 2004-09-01 04:00:04

Hey guys,

Can we eliminate this stupid problem with authentication in CGI (and IIS) mode for good? Clearly it can be detected with code, because I wrote code for test.php to check the SAPI and such and print bad stuff in red. How about we change the admin interface to disable auth on the fly when it detects CGI or IIS? It can print out a big error message telling the user their fly is unzipped, unless it detects Apache Basic Auth (REMOTE_USER is set).

Any takers on coding it up? I know Matthew Gregg is/was trying to make a new release... Let's fix this damn nuisance before the release.

Send a patch to the list, or just commit away and report back if you've got CVS access.

-James

From: Matthew G. <gr...@mu...> - 2004-09-01 14:03:02

I was planning to rip out the PHP "basic auth" code and replace it with a form/session post 1.7. Since this is such a pain for folks, I'll do the detect and alert version this week, maybe today. Of course I may not get to this if we end up doing an evac. for Hurricane Frances.

-- 
mcg
-------------------------------------
The IT Lab (http://www.itlab.musc.edu)

From: Matthew G. <gr...@mu...> - 2004-09-01 15:59:28

Just committed changes to manage.php and the FAQ that check for PHP running in CGI mode and auth_design enabled. I'm unsure what to look for if IIS is being used?

Currently it displays a fatal warning message with a link to the FAQ that describes the situation.

I'm against disabling auth. automatically, but will add that if anyone feels strongly for it.

-- 
mcg
-------------------------------------
The IT Lab (http://www.itlab.musc.edu)

From: James F. <jf...@uv...> - 2004-09-01 21:19:34

I took a look at your changes and it looks good to me for detecting CGI. Good idea pointing to the FAQ. I think that you can detect IIS with:

    php_sapi_name() == 'isapi'

There are a ton of other SAPI but I guess we can add them one by one to the check as we get feedback.

-James
-- 
Quis custodiet ipsos custodes?

From: Matthew G. <gr...@mu...> - 2004-09-02 18:19:54

Since we may be dealing with several "unsupported" configurations, I added a new config variable to phpESP.ini, an array that contains unsupported strings. Changed the check in manage.php to look up against the new variable.

-- 
mcg
-------------------------------------
The IT Lab (http://www.itlab.musc.edu)
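
The check this thread converges on, sketched as an added example (not phpESP's own manage.php code): stop with a fatal message when auth_design is on and the SAPI is in the configured unsupported list, unless the web server has set REMOTE_USER. The `$config` layout, the `unsupported_sapis` key, the function name and the sample SAPI list are assumptions.

```php
<?php
// Added example, not phpESP source. Hypothetical: $config layout, the
// 'unsupported_sapis' key, check_auth_environment(), the sample SAPI list.

$config = array(
    'auth_design'       => true,                      // built-in basic auth on
    'unsupported_sapis' => array('cgi', 'isapi'),     // constructed sample list
);

// Returns 'ok', 'server_auth' or 'fatal' for the given environment.
function check_auth_environment(array $config, $sapi, array $server)
{
    if (empty($config['auth_design'])) {
        return 'ok';            // PHP-level auth not in use, nothing to check
    }
    if (!in_array(strtolower($sapi), $config['unsupported_sapis'], true)) {
        return 'ok';            // SAPI not on the unsupported list
    }
    // Unsupported SAPI: acceptable only if the web server authenticated the
    // request itself and reports the user in REMOTE_USER.
    if (isset($server['REMOTE_USER']) && $server['REMOTE_USER'] !== '') {
        return 'server_auth';
    }
    return 'fatal';             // fail closed; never silently drop auth
}

// Constructed cases: [SAPI name, server variables, expected result].
$cases = array(
    array('apache', array(), 'ok'),
    array('cgi',    array(), 'fatal'),
    array('ISAPI',  array('REMOTE_USER' => ''), 'fatal'),
    array('cgi',    array('REMOTE_USER' => 'admin'), 'server_auth'),
);
foreach ($cases as $c) {
    $got = check_auth_environment($config, $c[0], $c[1]);
    printf("%-7s %-12s %s\n", $c[0], $got, $got === $c[2] ? 'as expected' : 'MISMATCH');
}

// Guard as it would sit at the top of an admin page.
if (check_auth_environment($config, php_sapi_name(), $_SERVER) === 'fatal') {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Authentication cannot work under this SAPI; see the FAQ.');
}
```

Run from the command line, the SAPI is `cli`, so the guard passes and only the four constructed cases are printed.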