Re: CGI/1.0: last call

luotonen@ptsun00.cern.ch (Ari Luotonen)
From: luotonen@ptsun00.cern.ch (Ari Luotonen)
Date: Sun, 5 Dec 93 13:40:08 +0100
Message-id: <9312051240.AA13709@ptsun03.cern.ch>
To: robm@ncsa.uiuc.edu, decoux@moulon.inra.fr
Subject: Re: CGI/1.0: last call
Cc: www-talk@nxoc01.cern.ch

> >> No, we found that the server had to parse some of the header anyway, and
> >> therefore did not make the header lines available to the script for
> >> implementation reasons. Is there something from the header you'd like to see
> >> that isn't in the spec?
> >
> > Yes, I want header line "authenticate" to have the password for the
> >username or an environemental variable with "username:password" uuencoded.
> 
>  Sorry, there is a bug ... it is header line "authorization" and not
> "authenticate".

No.  Password should be kept inside the server for security reasons.
The environment variable REMOTE_USER is only defined if user has
successfully authenticated himself.  This should be enough.


-- Cheers, Ari --