httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Harris" <dhar...@drh.net>
Subject RE: Passing passwords to CGI
Date Wed, 04 Aug 1999 13:50:55 GMT


 - David Harris
   Principal Engineer, DRH Internet Services


-----Original Message-----
From:	new-httpd-owner@apache.org [mailto:new-httpd-owner@apache.org] On Behalf
Of Graham Leggett
Sent:	Wednesday, August 04, 1999 9:03 AM
To:	new-httpd@apache.org
Subject:	Re: Passing passwords to CGI

Dirk-Willem van Gulik wrote:

> > Is there a "correct" way of doing this?
>
> No, of course not :-) but the solution is
>
> Adding to your cflags
>
>         CFLAGS += -DSECURITY_HOLE_PASS_AUTHORIZATION
>
> Do a grep in the source (util_script.c) for the full story.

Here's a thought - how about including the capability for passwords to
be inserted into the POST data that a CGI reads via stdin, ie the
password could be read as if it was simply another option on a form.

The name of this POST variable would be configurable so it didn't clash
with any existing variables in CGI.

Is this a good idea? If so, I'll try get it to work.

Regards,
Graham
--
-----------------------------------------
minfrin@sharp.fm		"There's a moon
					over Bourbon Street
						tonight...


Mime
View raw message