Return-Path: Delivered-To: new-httpd-archive@hyperreal.org Received: (qmail 29389 invoked by uid 6000); 4 Aug 1999 13:03:14 -0000 Received: (qmail 29333 invoked from network); 4 Aug 1999 13:03:08 -0000 Received: from penguin-ext.wise.edt.ericsson.se (HELO penguin.wise.edt.ericsson.se) (194.237.142.110) by taz.hyperreal.org with SMTP; 4 Aug 1999 13:03:08 -0000 Received: from dsnstar.dsn.ericsson.se (dsnstar.dsn.ericsson.se [164.48.68.130]) by penguin.wise.edt.ericsson.se (8.9.3/8.9.3/WIREfire-1.3) with ESMTP id PAA01745 for ; Wed, 4 Aug 1999 15:02:42 +0200 (MET DST) Received: from sharp.fm (infobase.ericsson.se [193.78.100.33]) by dsnstar.dsn.ericsson.se (8.8.5/8.8.5) with ESMTP id PAA22750 for ; Wed, 4 Aug 1999 15:02:42 +0200 (MET DST) Message-ID: <37A839F0.733D9A9F@sharp.fm> Date: Wed, 04 Aug 1999 15:02:40 +0200 From: Graham Leggett X-Mailer: Mozilla 4.61 [en] (X11; I; SunOS 5.6 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: new-httpd@apache.org Subject: Re: Passing passwords to CGI References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: new-httpd-owner@apache.org Precedence: bulk Reply-To: new-httpd@apache.org Status: O Dirk-Willem van Gulik wrote: > > Is there a "correct" way of doing this? > > No, of course not :-) but the solution is > > Adding to your cflags > > CFLAGS += -DSECURITY_HOLE_PASS_AUTHORIZATION > > Do a grep in the source (util_script.c) for the full story. Here's a thought - how about including the capability for passwords to be inserted into the POST data that a CGI reads via stdin, ie the password could be read as if it was simply another option on a form. The name of this POST variable would be configurable so it didn't clash with any existing variables in CGI. Is this a good idea? If so, I'll try get it to work. Regards, Graham -- ----------------------------------------- minfrin@sharp.fm "There's a moon over Bourbon Street tonight...