httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: Basic Authentication from C
Date Thu, 02 May 2002 16:09:46 GMT
> On Thu, 2 May 2002 wrote:
> > I've been trying to hack the xmlrpc-c library to support
> > server-side basic authentication, but I can't find any
> > environmental variable or method of accessing the
> > password that should be passed by basic authentication.
> > Some servers use HTTP_AUTHENTICATION, others use
> > AUTH_PASS or REMOTE_PASS, but I can't find any instance
> > of these in the apache source.
> >
> > Is there a way to access the Basic: header, either
> > through environmental variables or another trick?
> For important security reasons, you can access the
> password only if you are running as an apache module, not
> if you are running as a cgi script. The password is not
> placed in the environment.
> define (or something similar) that will allow this, but it
> is certainly not recommended.)

I'm not quite following you concerning the reasoning; even
if it is a huge security hole (for basic authentication...),
why not allow a configuration directive letting this
capability be set on or off? Then it would be possible to
write CGI's that access the information only when it is

// free anonymous email || forums \\ subZINE || anonymous browsing 
            subDIMENSION --

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message