httpd-dev mailing list archives

From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject Re: [PATCH] define to allow passing of Authorization header
Date Sat, 01 Nov 1997 20:55:00 GMT
On Fri, Oct 31, 1997 at 08:45:28PM -0700, Marc Slemko wrote:
> +	/*
> +	 * You really don't want to disable this check, since it leaves you
> +	 * wide open to CGIs stealing passwords and people viewing them
> +	 * in the environment with "ps -e".  But, if you must...
> +	 */
> +#ifndef PASS_AUTHORIZATION
>  	else if (!strcasecmp(hdrs[i].key, "Authorization"))
>  	    continue;
> +#endif
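
Review bot: the new comment sits above `#ifndef PASS_AUTHORIZATION` and refers to "this check" without naming the macro, so a reader who greps for PASS_AUTHORIZATION lands on the guard and may miss that the warning describes what defining it does. Name the macro in the comment and state that it is a compile-time switch: once defined, the `continue` for "Authorization" is compiled out for every script the build serves, with no way to limit it to the CGIs that need the header. The same warning belongs wherever the build-time defines are documented, since the comment is only seen by someone who already has this file open.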

If people _find_ this code location (and the comment which makes the
consequences clear), they could as well have commented the lines out.
So: +0.5    (positive because it closes a PR, not +1 because of the
possible consequences)

    Martin
-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
