Re: CGI/1.0: last call

luotonen@ptsun00.cern.ch (Ari Luotonen)

Mail folder: WWW Talk Oct 93-present
Next message: ts: "Re: CGI/1.0: last call"
Previous message: ts: "CGI/1.0: last call"
In-reply-to: ts: "CGI/1.0: last call"
Reply: ts: "Re: CGI/1.0: last call"

From: luotonen@ptsun00.cern.ch (Ari Luotonen)
Date: Sun, 5 Dec 93 13:40:08 +0100
Message-id: <9312051240.AA13709@ptsun03.cern.ch>
To: robm@ncsa.uiuc.edu, decoux@moulon.inra.fr
Subject: Re: CGI/1.0: last call
Cc: www-talk@nxoc01.cern.ch


> >> No, we found that the server had to parse some of the header anyway, and
> >> therefore did not make the header lines available to the script for
> >> implementation reasons. Is there something from the header you'd like to see
> >> that isn't in the spec?
> >
> > Yes, I want header line "authenticate" to have the password for the
> >username or an environemental variable with "username:password" uuencoded.
> 
>  Sorry, there is a bug ... it is header line "authorization" and not
> "authenticate".

No.  Password should be kept inside the server for security reasons.
The environment variable REMOTE_USER is only defined if user has
successfully authenticated himself.  This should be enough.


-- Cheers, Ari --