httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: Passing passwords to CGI
Date Wed, 04 Aug 1999 12:18:16 GMT


On Wed, 4 Aug 1999, Graham Leggett wrote:

> I have the need for a CGI program to know the username and password the
> user logged in with, so that I can use this info to bind to an LDAP
> server. I know that the username is passed in the environment, but what
> about the password? Can Apache do this?
> 
> If not, are there security issues with passing the password in the
> environment? Anyone know of any patches so that Apache can do this?
> 
> Is there a "correct" way of doing this?

Depening on the deployment; we have written for a few bespoke projects
typically an extra module inside apache which does the ldap connection
stuff; and then export the connection acessors, information or
filedescritors to whatever backend is in use; i.e. let the web server act
as a filter, as it is in the position to know what is good, and what is
bad. This also ties in well with the management model; just one
access.conf managed by the right person. Having deployed a few solutions
based around this and found it to fit well with the disperse security,
management and developers requiements.

Dw


Mime
View raw message