httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Jones" <>
Subject Re: Passing passwords to CGI
Date Wed, 04 Aug 1999 11:06:14 GMT
> Hi all,
> I have the need for a CGI program to know the username and password the
> user logged in with, so that I can use this info to bind to an LDAP
> server. I know that the username is passed in the environment, but what
> about the password? Can Apache do this?
> If not, are there security issues with passing the password in the
> environment? Anyone know of any patches so that Apache can do this?
> Is there a "correct" way of doing this?
> Regards,
> Graham


You can just ask them to 'log in' a fake form.  We do that using https (port
443) with digital certificates.

Then, using normal CGI, capture the UserID and Passwd anyway you want...

CGI, HTTP, and the Internet as a whole is not secure by it's nature.

I would highly recommend either Raven, Stronghold, or doing it yourself
using Apache-SSL (if you are building secure servers outside the US.)

-Sneex-  :]
 "Never Mind" -- I'll improvise, adapt, and overcome;
  everything else will be deleted...

         Jacksonville Perl Mongers

View raw message