httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: How apache can pass the Authorization: header to a script ? (was: Re: Apache CGI Authentication) (fwd)
Date Mon, 10 Nov 1997 16:57:04 GMT
On Mon, 10 Nov 1997, Dirk-Willem van Gulik wrote:

> I understand that; and I think that the current behavour (or am I wrong
> in understanding mod-proxy and its interaction with cgi ?) is that when
> apache is acting as a proxy; it will remove those lines, (i.e. it does
> not pass them on to the origin server) but when it is somehow configured
> 'as a normalish server' to have some CGI acting as a proxy (we do that
> here for example for ldap and urn resolution experiments) then this CGI
> should really have access to those headers; in particular because they
> where most likely caused to be supplied by the same script.

You miss the point.  You can argue about why you should have the
Authorization: header passed as well.  The point is that it is not secure,
period.  Any possible uses of it does not make it secure.  

> So in short, I would say that this is a very differnt case.
> Dw.

View raw message