Re: CGI and REMOTE_USER (Rob McCool)
Message-id: <>
From: (Rob McCool)
Date: Thu, 20 Jan 1994 15:22:16 -0600
In-Reply-To: George Phillips <>
       "Re: CGI and REMOTE_USER" (Jan 19, 11:49am)
X-Mailer: Mail User's Shell (7.2.5 10/14/92)
To: George Phillips <>
Subject: Re: CGI and REMOTE_USER
Content-Length: 929
 *    written on Jan 19, 11:49am.
 * I only object to the name.  It should really be something like
 * REMOTE_IDENT.  We don't want to promote the fallacies that
 * RFC931 gives you the username and, especially, that the information
 * it gives you is useful for anything but audit information.

Hmmm, a good point. It is trivial to forge this information and LOGNAME
implies that the variable is really the remote username.

Okay, so how about REMOTE_IDENT? Anyone object to that?

 * Along those lines, it should probably be base64 encoded since
 * it could be binary.

Why? I see nothing in the RFC which implies that it could be binary; in
fact, the reply is specified to be terminated by a CR/LF pair. Is there
something I'm not reading correctly? Similarly, rfc931.c uses fgets to read
the server's reply which would probably be munged horribly by binary output
from the server.
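
The points raised in this message (the reply is one CR/LF-terminated line, it is trivial to forge, and it is only good for audit records) can be seen in a small parser. This is an added example, not code from this message or from rfc931.c; the function name `parse_ident_reply`, the printable-ASCII policy and the sample reply lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Parse one ident reply line, as fgets() would return it:
 *   <port> , <port> : USERID : <opsys> : <user-id>\r\n
 * Copies <user-id> into out only if every byte is printable ASCII
 * (assumed policy), so nothing binary reaches REMOTE_IDENT or a log.
 * Returns 0 on success, -1 on ERROR, malformed or non-printable replies.
 * The value is an unauthenticated claim: record it, never authorize on it. */
int parse_ident_reply(const char *line, char *out, size_t outlen)
{
    unsigned lport, fport;
    int consumed = 0;
    const char *id;
    size_t n, i;

    if (outlen == 0)
        return -1;
    out[0] = '\0';
    /* %n is only stored if the literal "USERID :" matched. */
    if (sscanf(line, " %u , %u : USERID :%n", &lport, &fport, &consumed) != 2
        || consumed == 0)
        return -1;
    if (lport == 0 || lport > 65535 || fport == 0 || fport > 65535)
        return -1;
    id = strchr(line + consumed, ':');      /* skip the <opsys> field */
    if (id == NULL)
        return -1;
    for (id++; *id == ' ' || *id == '\t'; id++)
        ;
    n = strcspn(id, "\r\n");                /* reply ends at CR/LF */
    while (n > 0 && id[n - 1] == ' ')
        n--;
    if (n == 0 || n >= outlen)
        return -1;
    for (i = 0; i < n; i++)                 /* reject control/8-bit bytes */
        if ((unsigned char)id[i] < 0x20 || (unsigned char)id[i] > 0x7e)
            return -1;
    memcpy(out, id, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char id[64];
    /* Constructed sample reply, not captured traffic. */
    if (parse_ident_reply("6191, 23 : USERID : UNIX : stjohns\r\n", id, sizeof id) == 0)
        printf("REMOTE_IDENT=%s\n", id);
    return 0;
}
```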