PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

In Case You Missed It... The Week of May 2, 2005
In Case You Missed It...The Week of May 30, 2005
Reading RSS feeds in PHP: Part 2
Databases in PHP, SQL Basics
phpwiki - The Wiki for PHP Developers

php-developer-list | 2002112

Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW From: Derick Rethans (derick <email protected>)
Date: 11/18/02

Next message: Mattia: "Re: [PHP-DEV] error handling"
Previous message: Edin Kadribasic: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
In reply to: Edin Kadribasic: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
Next in thread: Jani Taskinen: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 18 Nov 2002, Edin Kadribasic wrote:

> On Sun, 17 Nov 2002, Rasmus Lerdorf wrote:
>
> > I don't have the energy to do a cvs check, but I remember adding this
> > restriction years ago (php2 days) and then removing it (by commenting out
> > the check) ages ago as well. I'm not sure PHP4 ever had this check turned
> > on (the commented out check was ported to php4), so the documentation has
> > not reflected reality in a very long time.
>
> I agree that this change is going to break a lot of code. Some of it is my
> own :)
>
> I suggest that we always populate $PHP_AUTH_USER since that one has no
> security consequences and the information is awailable elsewhere
> ($_SERVER['REMOTE_USER']). $PHP_AUTH_PW should be set when there are no
> safe_mode/open_basedir restrctions in effects.
>
> Would this solution be satisfactory to everyone?

Perfectly fine with me.

Derick

--------------------------------------------------------------------------- Derick Rethans http://derickrethans.nl/ JDI Media Solutions --------------[ if you hold a unix shell to your ear, do you hear the c? ]-

-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Next message: Mattia: "Re: [PHP-DEV] error handling"
Previous message: Edin Kadribasic: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
In reply to: Edin Kadribasic: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
Next in thread: Jani Taskinen: "Re: [PHP-DEV] Re: #20461 [Opn->Bgs]: Unable to access $PHP_AUTH_USER or $PHP_AUTH_PW"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]