Re: CGI/1.0: last call (Ari Luotonen)
From: (Ari Luotonen)
Date: Sun, 5 Dec 93 13:40:08 +0100
Message-id: <>
Subject: Re: CGI/1.0: last call

> >> No, we found that the server had to parse some of the header anyway, and
> >> therefore did not make the header lines available to the script for
> >> implementation reasons. Is there something from the header you'd like to see
> >> that isn't in the spec?
> >
> > Yes, I want header line "authenticate" to have the password for the
> >username or an environemental variable with "username:password" uuencoded.
>  Sorry, there is a bug ... it is header line "authorization" and not
> "authenticate".

No.  Password should be kept inside the server for security reasons.
The environment variable REMOTE_USER is only defined if user has
successfully authenticated himself.  This should be enough.

-- Cheers, Ari --